├── .gitignore
├── README.md
├── README_PUBLIC.md
├── elasticsearch_install.md
├── flask
    ├── app.py
    ├── static
    │   ├── bugs
    │   │   ├── bootstrap
    │   │   │   ├── css
    │   │   │   │   ├── bootstrap-theme.css
    │   │   │   │   ├── bootstrap-theme.css.map
    │   │   │   │   ├── bootstrap-theme.min.css
    │   │   │   │   ├── bootstrap.css
    │   │   │   │   ├── bootstrap.css.map
    │   │   │   │   └── bootstrap.min.css
    │   │   │   ├── fonts
    │   │   │   │   ├── glyphicons-halflings-regular.eot
    │   │   │   │   ├── glyphicons-halflings-regular.svg
    │   │   │   │   ├── glyphicons-halflings-regular.ttf
    │   │   │   │   ├── glyphicons-halflings-regular.woff
    │   │   │   │   └── glyphicons-halflings-regular.woff2
    │   │   │   └── js
    │   │   │   │   ├── bootstrap.js
    │   │   │   │   ├── bootstrap.min.js
    │   │   │   │   └── npm.js
    │   │   ├── css
    │   │   │   └── style.css
    │   │   └── js
    │   │   │   ├── jquery-1.11.3.min.js
    │   │   │   ├── jquery-1.4.2.min.js
    │   │   │   └── jquery.twbsPagination.js
    │   └── drops
    │   │   ├── css
    │   │       ├── 95e46879.main.css
    │   │       └── bootstrap.min.css
    │   │   └── js
    │   │       ├── bootstrap.min.js
    │   │       ├── jquery.js
    │   │       └── jquery.min.js
    └── templates
    │   ├── base.html
    │   ├── index.html
    │   ├── search_bugs.html
    │   └── search_drops.html
├── index.png
├── index_final.png
├── install.md
├── scrapy
    ├── wooyun
    │   ├── scrapy.cfg
    │   └── wooyun
    │   │   ├── __init__.py
    │   │   ├── items.py
    │   │   ├── pipelines.py
    │   │   ├── settings.py
    │   │   └── spiders
    │   │       ├── WooyunSpider.py
    │   │       └── __init__.py
    └── wooyun_drops
    │   ├── scrapy.cfg
    │   └── wooyun_drops
    │       ├── __init__.py
    │       ├── items.py
    │       ├── pipelines.py
    │       ├── settings.py
    │       └── spiders
    │           ├── WooyunSpider.py
    │           └── __init__.py
├── search.png
├── search_final.png
├── tornado
    ├── app.py
    └── templates
    │   ├── base.html
    │   ├── index.html
    │   ├── search_bugs.html
    │   └── search_drops.html
├── update.sh
└── wooyun_final
    ├── 404.php
    ├── bug_detail.php
    ├── bugs.php
    ├── conn.php
    ├── contact.php
    ├── corp_detail.php
    ├── corps.php
    ├── css
        ├── index.css
        ├── style.css
        ├── style_1.css
        └── whitehat_detail.css
    ├── help.php
    ├── images
        ├── bg.png
        ├── bg_1.png
        ├── collect_like.png
        ├── collect_like_1.png
        ├── go-to.png
        ├── go-to_1.png
        ├── libg.gif
        ├── libg_1.gif
        ├── navbg.png
        ├── navbg_1.png
        ├── new.png
        ├── new_1.png
        ├── search.png
        ├── search_1.png
        ├── topbg.png
        └── topbg_1.png
    ├── img
        └── default_avatar.gif
    ├── index.php
    ├── jquery.min.js
    ├── js
        ├── jquery-1.4.2.min.js
        ├── jquery-1.4.2.min_1.js
        └── jquery_1.7.2_jquery.min.js
    ├── searchbug.php
    ├── styles.css
    ├── t1.ttf
    ├── whitehat_detail.php
    └── whitehats.php


/.gitignore:
--------------------------------------------------------------------------------
1 | 
2 | flask/static/drops/运维安全-2547.html
3 | 
4 | *.html
5 | 
6 | *.jpg
7 | 
8 | *.pyc
9 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # wooyun_public
 2 | **乌云公开漏洞、知识库爬虫和搜索**
 3 | **crawl and search for wooyun.org public bug(vulnerability) and drops**
 4 | 
 5 | 
 6 | 1.wooyun公开漏洞爬虫版
 7 | --------
 8 | ![index](index.png)
 9 | ![search](search.png)
10 | 
11 | 源自2016年6月底使用scrapy爬虫爬取的4W公开漏洞和知识库，虚拟机为ubuntu14.04，采用python2+mongodb+flask(tornado)和Elasticsearch搜索引擎。
12 | 
13 | 虚拟机下载地址：
14 | 
15 | [https://pan.baidu.com/s/1HkR4ggvAwTikshsjcKYBuA](https://pan.baidu.com/s/1HkR4ggvAwTikshsjcKYBuA) ，提取密码：8wnb（2018.4.23更新）
16 | 
17 | [安装、使用指南（点我）](README_PUBLIC.md)
18 | 
19 | 2.wooyun公开漏洞纪念版
20 | --------
21 | ![index_final](index_final.png)
22 | ![search_final](search_final.png)
23 | 
24 | 漏洞信息和代码来自于[m0l1ce的wooyun_all_bugs_8.8W](https://github.com/m0l1ce/wooyunallbugs)，包含8.8W漏洞信息（不含知识库）；搜索和漏洞信息代码位于wooyun_final，对代码进行了部份修改:
25 | 
26 | + 修改了搜索功能，支持多关键字搜索和在漏洞详情中搜索
27 | + 修改了离线图片文件的位置，搜索结果直接使用虚拟机中的离线图片
28 | + 修改了代码以适应PHP5.6及更新版本
29 | 
30 | 虚拟机为ubuntu16.04，PHP5.6+MySQL5.7+Apache2。虚拟机下载地址：
31 | [https://pan.baidu.com/s/1qYRqa3U](https://pan.baidu.com/s/1qYRqa3U) 密码: w8vb (2017.7.4)
32 | 
33 | 虚拟机用户名、密码为hancool/qwe123
34 | 
35 | 3.其它
36 | --------
37 | 
38 | + 本程序只用于技术研究和个人使用，程序组件均为开源程序，漏洞和知识库来源于乌云公开漏洞，版权归wooyun.org。
39 | 
40 | 


--------------------------------------------------------------------------------
/README_PUBLIC.md:
--------------------------------------------------------------------------------
  1 | # wooyun_public
  2 | **乌云公开漏洞、知识库爬虫和搜索**
  3 | 
  4 | **crawl and search for wooyun.org public bug(vulnerability) and drops**
  5 | 
  6 | ![index](index.png)
  7 | ![search](search.png)
  8 | 
  9 | 1.依赖组件
 10 | --------
 11 | + python 2.7和pip
 12 | + mongodb
 13 | + scrapy
 14 | + flask 或者 tornado
 15 | + pymongo
 16 | + Elasticsearch (搜索引擎，可选）
 17 | 
 18 |  [在ubuntu下的安装过程（点我）](install.md)
 19 | 
 20 | 
 21 | 2.爬虫（由于wooyun已不可访问，爬虫功能已不可用）
 22 | --------
 23 | 
 24 | + 乌云公开漏洞和知识库的爬虫分别位于目录scrapy/wooyun和scrapy/wooyun_drops
 25 | 
 26 | + 运行scrapy crawl wooyun -a page_max=1  -a local_store=false -a update=false，有三个参数用于控制爬取：
 27 | 
 28 | 	    -a page_max: 控制爬取的页数，默认为1，如果值为0，表示所有页面
 29 | 	    -a local_store: 控制是否将每个漏洞离线存放到本地，默认为false  
 30 | 	    -a update：控制是否重复爬取，默认为false
 31 | 
 32 | + 第一次爬取全部内容时，用scrapy crawl wooyun -a page_max=0 -a update=true
 33 | 
 34 | + 平时只爬取最近的更新时，用scrapy crawl wooyun -a page_max=1，可以根据自己的爬取频率和网站更新情况调整page_max的值
 35 | 
 36 | + 全部公开漏洞的列表和每个漏洞的文本内容存在mongodb中，大概约2G内容；如果整站爬全部文本和图片作为离线查询，大概需要10G空间、2小时（10M电信带宽）；爬取全部知识库，总共约500M空间。（截止2015年10月）
 37 | 
 38 | 3.搜索
 39 | --------
 40 | + 漏洞搜索使用了Flask作为web server，bootstrap作为前端（8.12增加tornador web server，可配合nginx反向代理，支持高并发的应用）
 41 | 
 42 | + 启动web server ：在flask目录下运行./app.py，默认端口是5000
 43 | 
 44 | + #### 启动Elassticsearch（如果已配置了Elasticsearch）：在elasticsearch-2.3.4/bin目录下运行./elasticsearch -d (-d表示以后台方式运行）
 45 | 
 46 |   注：elasticsearch 5.x版本需将flask/app.py中的搜索方式改为bool搜索。
 47 |   即将```search_mongodb_by_es```函数中的```query_dsl```替换为如下所示
 48 | 
 49 | ```
 50 | ...
 51 |       if keywords.strip() == '':
 52 |             query_dsl = {
 53 |                 "query": {
 54 |                     "bool": {
 55 |                         "must": {
 56 |                             "match_all": {}
 57 |                         }
 58 |                     }
 59 |                 },
 60 |                 "sort": {"datetime": {"order": "desc"}},
 61 |                 "from": row_start,
 62 |                 "size": ROWS_PER_PAGE
 63 |             }
 64 |         else:
 65 |             query_dsl = {
 66 |                 "query": {
 67 |                     "bool": {
 68 |                         "must": {
 69 |                             "match": {
 70 |                                 field_name: {
 71 |                                     'query': keywords,
 72 |                                     'operator': 'and'
 73 |                                 }
 74 |                             }
 75 |                         }
 76 |                     }
 77 |                 },
 78 |                 "sort": {"datetime": {"order": "desc"}},
 79 |                 "from": row_start,
 80 |                 "size": ROWS_PER_PAGE
 81 |             }
 82 | ...
 83 | ```
 84 | 
 85 | + 搜索：在浏览器通过http://localhost:5000进行搜索漏洞，多个关键字可以用空格分开。
 86 | 
 87 | + 默认使用mongodb的数据库搜索，在进行全文搜索时比较慢，推荐安装使用Elasicsearch搜索引擎。[安装和配置Elasicsearch的方法（点我）](elasticsearch_install.md)
 88 | 
 89 | 4.为mongodb数据库创建索引
 90 | --------
 91 | ```bash
 92 | mongo
 93 | use wooyun
 94 | db.wooyun_list.ensureIndex({"datetime":1})
 95 | db.wooyun_drops.ensureIndex({"datetime":1})
 96 | ```
 97 | 
 98 | 5.虚拟机
 99 | ------
100 | 
101 | + 虚拟机：在2016年6月底爬的wooyun全部漏洞库和知识库内容，集成了Elasticsearch搜索，总共35G（压缩后约14G），网盘地址为： [https://pan.baidu.com/s/1HkR4ggvAwTikshsjcKYBuA](https://pan.baidu.com/s/1HkR4ggvAwTikshsjcKYBuA) ，提取密码：8wnb（2018.4.23更新）
102 | 
103 | 	使用方法：
104 | 
105 | 		1、压缩包解压后是一个vmware虚拟机的镜像，可以由vmware直接打开运行；
106 | 		2、由于在制作压缩包时虚拟机为“挂起”状态，当前虚拟机的IP地址可能和宿主机的IP地址段不一致，请将虚拟机重启后重新获取IP地址，虚拟机用户密码为hancool/qwe123；
107 | 		3、进入wooyun_public目录，先用git更新一下到最新的代码git pull（如果提示merge冲突，先进行git reset --hard origin/master后再git pull）；
108 | 		4、在elasticsearch-2.3.4/bin目录下运行./elasticsearch -d (-d表示以后台方式运行）
109 | 		5、进入wooyun_public/flask目录，运行./app.py；
110 | 		6、打开浏览器，输入http://ip:5000，ip为虚拟机的网卡地址（使用ifconfig eth0查看）
111 | 
112 |   注：推荐将mongodb升级至最新版本，可将数据部分缩减至1G以内（800M左右）。
113 | 
114 | 6.其它
115 | --------
116 | 
117 | + 本程序只用于技术研究和个人使用，程序组件均为开源程序，漏洞和知识库来源于乌云公开漏洞，版权归wooyun.org。
118 | 
119 | + 期待雨过天晴、重开wooyun!
120 | 


--------------------------------------------------------------------------------
/elasticsearch_install.md:
--------------------------------------------------------------------------------
  1 | Elasticsearch Install
  2 | =============================
  3 | 
  4 | 当进行全文搜索时，使用mongodb效率很低，且比较耗内存；解决办法是使用elasticsearch引擎，通过mongo-connector将数据同步到elasticsearch后进行快速搜索。
  5 | 
  6 | 安装elasticsearch
  7 | --------
  8 | 
  9 | 1、安装JDK（或者JRE）
 10 | 
 11 | ```bash
 12 | sudo apt-get install openjdk-7-jdk
 13 | ```
 14 | 
 15 | 注：5.x 版本需安装```openjdk-8-jdk```。
 16 | 
 17 | 2、下载elasticseach
 18 | 
 19 | ```bash
 20 | wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.4/elasticsearch-2.3.4.tar.gz
 21 | tar xvf elasticsearch-2.3.4.tar.gz
 22 | ```
 23 | 
 24 | 亦可通过apt或者yum安装，参见
 25 | 
 26 | deb [https://www.elastic.co/guide/en/elasticsearch/reference/5.0/deb.html](https://www.elastic.co/guide/en/elasticsearch/reference/5.0/deb.html)
 27 | 
 28 | rpm [https://www.elastic.co/guide/en/elasticsearch/reference/5.0/rpm.html](https://www.elastic.co/guide/en/elasticsearch/reference/5.0/rpm.html)
 29 | 
 30 | 注：国内可使用tsinghua（清华）镜像源[https://mirrors.tuna.tsinghua.edu.cn/elasticstack/5.x/](https://mirrors.tuna.tsinghua.edu.cn/elasticstack/5.x/)
 31 | 
 32 | 3、运行elasticsearch
 33 | 
 34 | ```bash
 35 | cd elasticsearch-2.3.4/bin
 36 | ./elasticsearch
 37 | ```
 38 | 
 39 | 亦可通过systemd启动
 40 | 
 41 | ```
 42 | systemctl enable elasticsearch
 43 | systemctl start elasticsearch
 44 | ```
 45 | 
 46 | 4、测试一下，安装完成运行后elasticsearch会在9200端口上进行监听
 47 | 
 48 | ```bash
 49 | curl -X GET http://localhost:9200
 50 | {
 51 |   "name" : "Sebastian Shaw",
 52 |   "cluster_name" : "elasticsearch",
 53 |   "version" : {
 54 |     "number" : "2.3.4",
 55 |     "build_hash" : "e455fd0c13dceca8dbbdbb1665d068ae55dabe3f",
 56 |     "build_timestamp" : "2016-06-30T11:24:31Z",
 57 |     "build_snapshot" : false,
 58 |     "lucene_version" : "5.5.0"
 59 |   },
 60 |   "tagline" : "You Know, for Search"
 61 | }
 62 | ```
 63 | 
 64 | 
 65 | 配置mongodb
 66 | -------
 67 | 
 68 | 1、编辑/etc/mongodb.conf，增加：
 69 | 
 70 | 	replSet=rs0 #这里是指定replSet的名字 
 71 | 	oplogSize=100 #这里是指定oplog表数据大小（太大了不支持）
 72 | 
 73 | 重启动mongodb
 74 | 
 75 | ```bash
 76 | sudo service mongodb restart
 77 | ```
 78 | 2，进入mongodb shell，初始化replicSet
 79 | 
 80 | ```bash
 81 | mongo
 82 | rs.initiate( {"_id" : "rs0", "version" : 1, "members" : [ { "_id" : 0, "host" : "127.0.0.1:27017" } ]})
 83 | ```
 84 | 3，搭建好replicSet之后，退出mongo shell重新登录，提示符会变成：rs0:PRIMARY>，就可以退出Mongodb
 85 | 
 86 | 
 87 | 安装中文分词插件elasticsearch-analysis-ik
 88 | -------
 89 | 
 90 | 1、从github下载编译好好的插件
 91 | 
 92 | ```bash
 93 | cd ~  
 94 | sudo apt-get install unzip
 95 | wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v1.9.4/elasticsearch-analysis-ik-1.9.4.zip
 96 | unzip elasticsearch-analysis-ik-1.9.4.zip -d elasticsearch-analysis-ik
 97 | ```
 98 | 
 99 | 2、将插件复制到elasticsearch的plugins目录
100 | 
101 | ```bash
102 | cp -r elasticsearch-analysis-ik elasticsearch-2.3.4/plugins
103 | ```
104 | 
105 | 3、修改elasticsearch.yml配置，定义插件配置
106 | 
107 | ```bash
108 | vi elasticsearch-2.3.4/config/elasticsearch.yml
109 | ```
110 | 在最后增加:
111 | 
112 | 	index.analysis.analyzer.ik.type : 'ik'
113 | 	index.analysis.analyzer.default.type : 'ik'
114 | 
115 | 注：此部操作在5.x版本中已废弃，参见[https://github.com/medcl/elasticsearch-analysis-ik](https://github.com/medcl/elasticsearch-analysis-ik)
116 | 
117 | 4、退出并重启elasticsearch
118 | 
119 | ```bash
120 |  elasticsearch-2.3.4/bin/elasticsearch -d
121 |  (-d表示以后台方式运行）
122 | ```
123 | 
124 | 安装mongo-connector，将数据同步到elasticsearch
125 | -------
126 | 
127 | ```bash
128 | sudo pip install mongo-connector elastic2_doc_manager
129 | sudo mongo-connector -m localhost:27017 -t localhost:9200 -d elastic2_doc_manager
130 | ```
131 | 显示Logging to mongo-connector.log.后将会把mongodb数据库的信息同步到elasticsearch中，完全同步完成估计需要30分钟左右，同步期间不能中断，否则可能导致elasticsearch与mongodb数据不一致。
132 | 
133 | 在同步过程中，可能会报错：
134 | 
135 | ```bash
136 | OperationFailed: ConnectionTimeout caused by - ReadTimeoutError(HTTPConnectionPool(host=u'localhost', port=9200): Read timed out. (read timeout=10))
137 | 2016-08-04 17:24:53,372 [ERROR] mongo_connector.oplog_manager:633 - OplogThread: Failed during dump collection cannot recover! Collection(Database(MongoClient(u'127.0.0.1', 27017), u'local'), u'oplog.rs')
138 | 2016-08-04 17:24:54,371 [ERROR] mongo_connector.connector:304 - MongoConnector: OplogThread <OplogThread(Thread-7, started 140485117060864)> unexpectedly stopped! Shutting down
139 | ```
140 | 
141 | ####解决办法:
142 | 
143 | 修改timeout值，从默认的10改为200
144 | 
145 | ```bash
146 | sudo vi /usr/local/lib/python2.7/dist-packages/mongo_connector/doc_managers/elastic2_doc_manager.py
147 | ```
148 | 	将：
149 | 	self.elastic = Elasticsearch(hosts=[url],**kwargs.get('clientOptions', {}))
150 | 
151 | 	修改为：
152 | 	self.elastic = Elasticsearch(hosts=[url],timeout=200, **kwargs.get('clientOptions', {}))
153 | 
154 | 
155 | 启用全文搜索
156 | -------
157 | 1、安装elasticsearch-py
158 | 
159 | ```bash
160 | pip install elasticsearch
161 | ```
162 | 2、更新app.py
163 | 
164 | ```bash
165 | cd ~/wooyun_public
166 | git pull
167 | ```
168 | 
169 | 3、修改app.py
170 | 
171 | ```bash
172 | vi ~/wooyun_public/flask/app.py
173 | 修改:
174 | 	SEARCH_BY_ES = 'auto'
175 | ```
176 | 参考链接
177 | -------
178 | 1、[https://imququ.com/post/elasticsearch.html](https://imququ.com/post/elasticsearch.html)
179 | 
180 | 2、[https://github.com/medcl/elasticsearch-analysis-ik](https://github.com/medcl/elasticsearch-analysis-ik)
181 | 
182 | 3、[http://es.xiaoleilu.com](http://es.xiaoleilu.com)
183 | 
184 | 4、[http://www.cnblogs.com/ciaos/p/3601209.html](http://www.cnblogs.com/ciaos/p/3601209.html)
185 | 
186 | 5、[https://segmentfault.com/a/1190000002470467](https://segmentfault.com/a/1190000002470467)
187 | 
188 | 6、[https://github.com/medcl/elasticsearch-analysis-ik/issues/207](https://github.com/medcl/elasticsearch-analysis-ik/issues/207)
189 | 
190 | 7、[https://github.com/mongodb-labs/mongo-connector/wiki/Usage%20with%20ElasticSearch](https://github.com/mongodb-labs/mongo-connector/wiki/Usage%20with%20ElasticSearch)
191 | 


--------------------------------------------------------------------------------
/flask/app.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #-*- coding: utf-8 -*-
  3 | import math
  4 | import re
  5 | import time
  6 | import urllib2
  7 | import pymongo
  8 | from flask import Flask, request, render_template
  9 | # setting:
 10 | MONGODB_SERVER = 'localhost'
 11 | MONGODB_PORT = 27017
 12 | MONGODB_DB = 'wooyun'
 13 | MONGODB_COLLECTION_BUGS = 'wooyun_list'
 14 | MONGODB_COLLECTION_DROPS = 'wooyun_drops'
 15 | ROWS_PER_PAGE = 20
 16 | ELASTICSEARCH_HOST = 'localhost:9200'
 17 | #ELASTICSEARCH CHOOSE
 18 | #   auto:   auto detect elasticsearch ,if opened then use elasticsearch,else use mongodb
 19 | #   yes:    always use elasticsearch
 20 | #   no:     not use elasticsearch
 21 | SEARCH_BY_ES = 'auto'
 22 | # flask app:
 23 | app = Flask(__name__)
 24 | # monogodb connection string
 25 | connection_string = "mongodb://%s:%d" % (MONGODB_SERVER, MONGODB_PORT)
 26 | content = {'by_bugs':
 27 |            {'mongodb_collection': MONGODB_COLLECTION_BUGS, 'template_html': 'search_bugs.html'},
 28 |            'by_drops':
 29 |            {'mongodb_collection': MONGODB_COLLECTION_DROPS, 'template_html': 'search_drops.html'},
 30 |            }
 31 | 
 32 | 
 33 | def get_search_regex(keywords, search_by_html):
 34 |     keywords_regex = {}
 35 |     kws = [ks for ks in keywords.strip().split(' ') if ks != '']
 36 |     field_name = 'html' if search_by_html else 'title'
 37 |     if len(kws) > 0:
 38 |         reg_pattern = re.compile('|'.join(kws), re.IGNORECASE)
 39 |         # keywords_regex[field_name]={'$regex':'|'.join(kws)}
 40 |         keywords_regex[field_name] = reg_pattern
 41 | 
 42 |     return keywords_regex
 43 | 
 44 | 
 45 | def search_mongodb(keywords, page, content_search_by, search_by_html):
 46 |     client = pymongo.MongoClient(connection_string)
 47 |     db = client[MONGODB_DB]
 48 |     keywords_regex = get_search_regex(keywords, search_by_html)
 49 |     collection = db[content[content_search_by]['mongodb_collection']]
 50 |     # get the total count and page:
 51 |     total_rows = collection.find(keywords_regex).count()
 52 |     total_page = int(
 53 |         math.ceil(total_rows / (ROWS_PER_PAGE * 1.0)))
 54 |     page_info = {'current': page, 'total': total_page,
 55 |                  'total_rows': total_rows, 'rows': []}
 56 |     # get the page rows
 57 |     if total_page > 0 and page <= total_page:
 58 |         row_start = (page - 1) * ROWS_PER_PAGE
 59 |         cursors = collection.find(keywords_regex)\
 60 |             .sort('datetime', pymongo.DESCENDING).skip(row_start).limit(ROWS_PER_PAGE)
 61 |         for c in cursors:
 62 |             c['datetime'] = c['datetime'].strftime('%Y-%m-%d')
 63 |             if 'url' in c:
 64 |                 urlsep = c['url'].split('//')[1].split('/')
 65 |                 c['url_local'] = '%s-%s.html' % (urlsep[1], urlsep[2])
 66 |             page_info['rows'].append(c)
 67 |     client.close()
 68 |     #
 69 |     return page_info
 70 | 
 71 | def search_mongodb_by_es(keywords, page, content_search_by, search_by_html):
 72 |     from elasticsearch import Elasticsearch
 73 | 
 74 |     field_name = 'html' if search_by_html else 'title'
 75 |     page_info = {'current': page, 'total': 0,
 76 |                  'total_rows': 0, 'rows': []}
 77 |     # get the page rows
 78 |     if page >= 1 :
 79 |         row_start = (page - 1) * ROWS_PER_PAGE
 80 |         es = Elasticsearch([ELASTICSEARCH_HOST])
 81 |         if keywords.strip() == '':
 82 |             query_dsl = {
 83 |                 "query":    {
 84 |                     "filtered": {
 85 |                         "query":    {
 86 |                             "match_all":{ }
 87 |                         }
 88 |                     }
 89 |                 },
 90 |                 "sort": {"datetime":   {   "order":    "desc"  }},
 91 |                 "from": row_start,
 92 |                 "size": ROWS_PER_PAGE
 93 |             }
 94 |         else:
 95 |             query_dsl = {
 96 |                 "query":    {
 97 |                     "filtered": {
 98 |                         "query":    {
 99 |                             "match":    {
100 |                                 field_name : {
101 |                                     'query':keywords,
102 |                                     'operator':'and'
103 |                                 }
104 |                             }
105 |                         }
106 |                     }
107 |                 },
108 |                 "sort": {"datetime":   {   "order":    "desc"  }},
109 |                 "from": row_start,
110 |                 "size": ROWS_PER_PAGE
111 |             }
112 |         res = es.search(body=query_dsl,index=MONGODB_DB,doc_type=content[content_search_by]['mongodb_collection'])
113 |         #get total rows and pages
114 |         page_info['total_rows'] = res['hits']['total']
115 |         page_info['total'] = int(math.ceil(page_info['total_rows'] / (ROWS_PER_PAGE * 1.0)))
116 |         #get everyone row set
117 |         for doc in res['hits']['hits']:
118 |             c = doc['_source']
119 |             c['datetime'] = time.strftime('%Y-%m-%d',time.strptime(c['datetime'],'%Y-%m-%dT%H:%M:%S'))
120 |             if 'url' in c:
121 |                     urlsep = c['url'].split('//')[1].split('/')
122 |                     c['url_local'] = '%s-%s.html' % (urlsep[1], urlsep[2])
123 |             page_info['rows'].append(c)
124 | 
125 |     return page_info
126 | 
127 | def check_elastichsearch_open():
128 |     try:
129 |         html = urllib2.urlopen('http://%s' %ELASTICSEARCH_HOST).read()
130 |         if len(html) > 0:
131 |             return True
132 |         else:
133 |             return False
134 |     except:
135 |         return False
136 | 
137 | def get_wooyun_total_count():
138 |     client = pymongo.MongoClient(connection_string)
139 |     db = client[MONGODB_DB]
140 |     collection_bugs = db[MONGODB_COLLECTION_BUGS]
141 |     total_count_bugs = collection_bugs.find().count()
142 |     collection_drops = db[MONGODB_COLLECTION_DROPS]
143 |     total_count_drops = collection_drops.find().count()
144 |     client.close()
145 | 
146 |     return (total_count_bugs, total_count_drops)
147 | 
148 | 
149 | @app.route('/')
150 | def index():
151 |     total_count_bugs, total_count_drops = get_wooyun_total_count()
152 |     return render_template('index.html', total_count_bugs=total_count_bugs, total_count_drops=total_count_drops, title=u'乌云公开漏洞、知识库搜索')
153 | 
154 | 
155 | @app.route('/search', methods=['get'])
156 | def search():
157 |     keywords = request.args.get('keywords')
158 |     page = int(request.args.get('page', 1))
159 |     search_by_html = True if 'true' == request.args.get(
160 |         'search_by_html', 'false').lower() else False
161 |     content_search_by = request.args.get('content_search_by', 'by_bugs')
162 |     if page < 1:
163 |         page = 1
164 |     #search by elasticsearch or mongo
165 |     if SEARCH_BY_ES == 'yes' or ( SEARCH_BY_ES == 'auto' and check_elastichsearch_open() is True ):
166 |         page_info = search_mongodb_by_es(keywords, page, content_search_by, search_by_html)
167 |     else:
168 |         page_info = search_mongodb(keywords, page, content_search_by, search_by_html)
169 |     #
170 |     return render_template(content[content_search_by]['template_html'], keywords=keywords, page_info=page_info, search_by_html=search_by_html, title=u'搜索结果-乌云公开漏洞、知识库搜索')
171 | 
172 | 
173 | def main():
174 |     port = 5000
175 |     app.run(host='0.0.0.0', port = port, debug=False, threaded=True)
176 | 
177 | if __name__ == '__main__':
178 |     main()
179 | 


--------------------------------------------------------------------------------
/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.eot


--------------------------------------------------------------------------------
/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.ttf


--------------------------------------------------------------------------------
/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.woff


--------------------------------------------------------------------------------
/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/flask/static/bugs/bootstrap/fonts/glyphicons-halflings-regular.woff2


--------------------------------------------------------------------------------
/flask/static/bugs/bootstrap/js/npm.js:
--------------------------------------------------------------------------------
 1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment.
 2 | require('../../js/transition.js')
 3 | require('../../js/alert.js')
 4 | require('../../js/button.js')
 5 | require('../../js/carousel.js')
 6 | require('../../js/collapse.js')
 7 | require('../../js/dropdown.js')
 8 | require('../../js/modal.js')
 9 | require('../../js/tooltip.js')
10 | require('../../js/popover.js')
11 | require('../../js/scrollspy.js')
12 | require('../../js/tab.js')
13 | require('../../js/affix.js')


--------------------------------------------------------------------------------
/flask/static/bugs/css/style.css:
--------------------------------------------------------------------------------
1 | *{margin:0;padding:0;}li{list-style:none;}img{border:none;}a{color:#002E8C;text-decoration:none;}a:hover{color:#F60;text-decoration:underline;}a.btn{border:#999 1px solid;background:#DDD;padding:3px 5px}table{border-spacing:0;border-collapse:collapse;}textarea{font-size:13px;}.fred{color:red;}.fbold{font-weight:bold;}.clear{clear:both;height:0;overflow:hidden}html,body{font:12px Verdana,"Microsoft YaHei",Helvetica,Arial,Sans-Serif;width:100%;height:100%;text-align:center;background:#E0E4E7 url("../images/bg.png") repeat-x top;}.banner,.login,.nav,.bread,.content,.support,#footer{width:1000px;margin:0 auto;text-align:left;background:#FFF;}.banner{height:100px;background:url("../images/topBg.png") repeat-x;position:relative;overflow:normal;z-index:99;clear:both}.banner h1{font-size:40px;height:100px;line-height:100px;text-indent:24px;}.logo{float:left;width:450px}.logo h1{float:left}.logo .weibo{float:left;margin-top:45px;padding-left:9px;height:24px;width:110px;line-height:24px;}.login{width:550px;height:22px;line-height:22px;text-align:right;float:right;}.login a.reg{margin-right:12px;}.remind{width:150px;float:right;background:#f0f0f0;border:#999 1px solid;padding:1px 0;margin:15px 13px 0 0;text-align:center}.nav{color:#B6B6B6;height:40px;line-height:40px;*line-height:42px;background:url("../images/navBg.png") repeat-x;overflow:hidden;position:relative;}.nav ul li{float:left;}.nav ul li a{float:left;color:#B6B6B6;text-decoration:none;background:url("../images/liBg.gif") no-repeat right;padding:0 13px 0 12px;}.nav ul li a:hover{color:#FFF;}.nav p{float:right;height:24px;line-height:24px;text-align:right;padding:8px 12px;}.nav p input{float:right;height:22px;line-height:22px;border:1px solid #999;}.nav p a{float:right;display:block;width:29px;height:24px;margin-left:2px;}.bread{height:24px;line-height:24px;text-indent:12px;}.content{padding-top:10px;position:relative;z-index:2;}.content h3{font-size:14px;font-weight:normal;width:950px;text-indent:10px;margin:0 auto;padding-top:15px;word-break:break-all;word-wrap:break-word;}.content h3 a{font-weight:bold;}.content p.caption{width:936px;line-height:22px;text-indent:2em;border:1px solid #BBB;background:#D7D6DC;margin:10px auto 0;padding:6px;}.content p.corpCaption{display:none;}.content hr{color:#BBB;width:950px;height:0;border:none;border-top:1px solid #BBB;margin:10px auto 0;}.content h2{font-size:26px;width:950px;line-height:2em;margin:0 auto;}.content p.detail{font-size:13px;width:870px;line-height:25px;margin:0 auto;padding:5px 12px;word-break:break-all;word-wrap:break-word;}.content h5{font-size:14px;text-align:center;margin:10px auto 0;}.content h5 a{display:inline-block;height:32px;line-height:32px;text-decoration:none;border:1px solid #999;background:#DDD;padding:0 6px;margin:0 6px;}.corp{display:none;}.success{width:636px;height:122px;line-height:22px;text-align:center;border:1px solid #999;background:#DDD;margin:10px auto 0;padding:84px 6px 6px;}.classTable{width:950px;line-height:22px;border:none;margin:10px auto 0;}.classTable tbody tr th,.classTable tbody tr td{padding:0 6px;}.classTable tbody tr th{text-align:right;}.listTable{width:950px;line-height:22px;border:2px solid #FFF;margin:10px auto 0;}.listTable thead tr{background:#D7D6DC;}.listTable thead tr th{font-weight:normal;text-align:center;}.listTable tbody tr:hover{background-color:#ebebeb;}.listTable tr th,.listTable tr td{border:2px solid #FFF;padding:0 6px;white-space:nowrap;}.listTable tbody tr th{font-weight:normal;text-align:center;}.formTable{font-size:14px;width:950px;line-height:24px;border:none;margin:10px auto 0;}.formTable tbody tr th *,.formTable tbody tr td *{vertical-align:middle;}.formTable tbody tr th,.formTable tbody tr td{padding:3px 6px;white-space:nowrap;}.formTable tbody tr th{font-weight:normal;text-align:right;}.page{width:946px;text-align:right;margin:10px auto 0;padding:0 2px;}.page a{margin:0 5px;}.page a.current{font-weight:bold;text-decoration:underline;}.copyright{height:60px;line-height:60px;margin-left:30px;}.infoTab{width:750px;height:31px;border-bottom:1px solid #999;background:#DDD;margin:0 auto;position:relative;}.infoTab ul{width:726px;height:32px;padding:0 12px;position:absolute;bottom:-1px;right:0;}.infoTab ul li{float:right;height:24px;margin:7px 0 0 6px;padding:0 6px;}.infoTab ul li.current{border:1px solid #999;border-bottom:0;background:#FFF;}.infoTab ul li a{display:block;height:18px;line-height:18px;margin-top:3px;padding:0 6px 1px;*padding:1px 6px 0;*width:50px}.infoTab ul li a:hover{color:#FFF;text-decoration:none;background:#F60;}.infoTab ul li.current a:hover{color:#000;background:#FFF;cursor:default;}.infoContent{display:none;width:726px;margin:10px auto 0;padding:0 12px 10px;}.infoContent.block{display:block;}.infoContent .formTable{width:100%;}.infoContent .listTable{width:700px;}#list .listTable{margin-top:15px;}#userUpdate .content h2{width:750px;}#corpList .listTable{border:none;background:none;margin-top:15px;}#corpList .listTable tr th,#corpList .listTable tr td{border:none;padding:0 6px;white-space:nowrap;}#friends .classTable{width:900px;}#bugDetail .content h3{padding-top:5px;}#bugDetail .content h3.detailTitle{border-left:5px solid #999;margin-top:15px;}.remark{color:blue;display:none;font-size:12px;line-height:24px;}.error{color:red;font-size:12px;line-height:24px;margin-left:24px;}pre,code{font-family:Lucida Console,Courier New,Courier,mono,monospace;color:#333;background-color:#f8f8f8;}pre{border:1px #ccc solid;line-height:18px;overflow:auto;word-wrap:break-word;margin:0 auto;padding:4px 8px;width:852px;}.mainLeft{float:left;width:179px;border-right:1px dashed #333;padding:40px 10px 10px;}.mainLeft ul li{line-height:24px;list-style:square inside;}.mainRight{float:right;width:800px;}.infoLeftTab{width:947px;height:31px;border-bottom:1px solid #999;background:#DDD;margin:0 auto;margin-top:10px;position:relative;}.infoLeftTab ul{width:920px;height:32px;padding:0 12px;position:absolute;bottom:-1px;right:0;}.infoLeftTab ul li{float:left;height:24px;margin:7px 0 0 12px;padding:0 6px;}.infoLeftTab ul li.current{border:1px solid #999;border-bottom:0;background:#FFF;}.infoLeftTab ul li a{display:block;height:18px;line-height:18px;margin-top:3px;padding:0 6px 1px;*padding:1px 6px 0;*width:50px}.infoLeftTab ul li a:hover{color:#FFF;text-decoration:none;background:#F60;}.infoLeftTab ul li.current a:hover{color:#000;background:#FFF;cursor:default;}ul.corplist{margin:0;padding:0}ul.corplist li{float:left}ul.corplist li.current{border-bottom:#000 1px solid}span.small{margin-left:15px;font-size:12px;font-weight:normal}div.comment{margin:0 auto 15px auto;width:870px;text-align:left}dl.commentlist{width:650px}dl.commentlist dt{line-height:22px}dl.commentlist dt span.user{margin-left:15px}dl.commentlist dt span.user label{color:#555555;font-size:12px}dl.commentlist dd{line-height:25px;font-size:14px;padding:5px;word-wrap:break-word;border-bottom:1px dashed #ccc}.content .catrss{background:url("../images/catrss.png") no-repeat left;width:16px;height:11px;display:inline-block;margin-bottom:-1px;margin-left:5px;}.content .corprss{background:url("../images/corprss.png") no-repeat left;width:16px;height:16px;display:inline-block;margin-bottom:-4px;margin-left:5px;}.catrss:hover,.corprss:hover{text-decoration:none;}div.sms_content{width:600px;padding:10px 0 30px 0;word-wrap:break-word;word-break:break-all;table-layout:fixed;clear:both;white-space:-moz-pre-wrap;white-space:-hp-pre-wrap;white-space:-o-pre-wrap;white-space:-pre-wrap;white-space:pre;white-space:pre-wrap;white-space:pre-line}span.sms_time{font-size:12px;float:right;padding-right:20px}.fsize_13{font-size:13px}.csetip{margin:0 15px;font-size:14px}#searchbox{background:url("../images/search.png") no-repeat right;display:inline;float:right;height:24px;line-height:24px;padding:8px 0;margin:0 12px 0 0;}#search_input{height:22px;line-height:22px;width:151px;border:1px solid #999;}#search_button{background:none repeat scroll 0 0 transparent;border:medium none;cursor:pointer;width:29px;height:24px;text-indent:-1000px;}#share{height:24px;line-height:24px;font-size:14px;}.jobshare{margin:10px 0 0 65px;}.new{display:inline-block;background:url(../images/new.png) no-repeat 52px 3px;}.credit{height:16px;border:none;margin:0 0 -3px 5px;}.content .toctit{margin-bottom:5px;background:#eee;border-bottom:1px solid #999;padding:5px 0;margin-top:15px;}.content .toc{font-size:13px;line-height:25px;margin:0 auto;width:900px;margin-left:80px;}.content .toc li{list-style-type:decimal;}#help p,#about p,#lawer p{text-indent:2em;font-size:13px;line-height:25px;margin:0 auto;width:900px;word-wrap:break-word;}span.tag{text-align:center;margin-right:3px;padding:2px 5px;background:#E1E1E1}span.zonetag{font-size:12px;text-align:center;margin-right:4px;padding:3px 6px;background:#E1E1E1;border:#CCC 1px solid}.hot{width:932px;height:160px;border:1px solid #DDD;margin:0 auto;padding:0 8px 8px;overflow:hidden;position:relative;}.scrollContent{width:932px;position:absolute;top:0;left:8px;}.hotContent{width:932px;padding-bottom:8px;overflow:hidden;}.hot .listTable{float:left;width:522px;display:block;}.zoneIntro{float:right;width:376px;height:142px;line-height:1.5em;background:#EFEFEF;margin-top:6px;padding:6px 12px;}.zoneIntro h1{line-height:1.5em;font-size:18px;margin-bottom:5px;}.zoneIntro p{line-height:1.8em;text-indent:2em;}.zoneList{width:950px;height:22px;line-height:22px;margin:0 auto;padding-bottom:10px;}.zoneList li{float:left;display:block;margin-right:3px;}.zoneList li a{float:left;border:1px solid #DDD;background:#EEE;padding:0 6px;}.zoneList li a:hover{text-decoration:none;}.zoneList li.current a{color:#FFF;text-decoration:none;background:#F60;}.zoneList li.current a:hover{text-decoration:none;}.support{width:950px;border-top:1px solid #DDD;margin-top:12px;}.supportTable{border:none;margin-top:10px;}.supportTable tr th{font-size:15px;font-weight:bold;}.supportTable tr th,.supportTable tr td{padding:3px 6px;}.bugImg{min-width:200px;max-width:870px;width:auto;_width:600px;}.replys{margin:0 15px 15px 65px;}.replys .topic{width:100%;}.replylist .reply{border-bottom:1px solid #CCC;overflow:hidden;padding:15px 15px 0 15px;}.reply .description p{font-size:14px;margin-top:10px;}.replylist li{width:700px;}.fixed,.clear{clear:both;}.clearfix:after{content:".";display:block;clear:both;visibility:hidden;line-height:0;height:0;}.clearfix{display:inline-block;}.author-info .addtime,.replylist .addtime{font:12px Georgia,Verdana,Microsoft YaHei,Helvetica,Arial,Sans-Serif;color:#333;}.reply .reply-info{color:#999;}.reply .replylist-act{height:14px;float:right;padding-bottom:8px;}.reply .replylist-act .replyBtn{display:none;}.reply .replylist-act span.floor{display:block;float:right;margin-left:10px;color:#999}.paper-info h3{line-height:24px;padding:0;}.paper-toc{line-height:24px;margin-left:100px;}.paper-toc li{line-height:24px;}#paper{font-size:14px;}#paper .toc li{list-style:none;}#paper p{text-indent:2em;font-size:14px;line-height:25px;margin:0 auto;width:900px;word-wrap:break-word;}div.toc-sidebar{border:1px solid #ccc;background:none repeat scroll 0 0 #f8f8f8;float:right;position:fixed;top:4em;right:1em;z-index:1;border-radius:4px 4px 4px 4px;opacity:0.2;padding:3px;}div.toc-sidebar:hover{box-shadow:0 0 8px #666;opacity:1;}div.toc-sidebar ul{margin:0;padding:0 0 0 1em;}div.toc-sidebar>ul{padding:0;}div.toc-sidebar li{list-style-type:none;line-height:18px;overflow:hidden;margin:0;padding:0 0 0 18px;}.good_replys{background-color:#FFF;border:1px solid #999;width:730px;bottom:-100px;}.good_replys_title{font-size:20px;color:#FF6600;font-weight:bold;background:#EEEEEE;border-bottom:1px solid #999999;padding:5px 10px;}.good_replys_list{padding:0;}.good_replys_list .replylist{margin-bottom:-2px;}.content h5.rating{height:45px;margin:10px auto 0;width:320px;}.myrating{width:140px;}.myrating span{display:inline-block;width:21px;height:21px;background:url(/images/star-empty.png) center no-repeat;cursor:pointer}.myrating span.on{background:url(/images/star-new.png) center no-repeat}.myrating span.hover{background:url(/images/star-new-hover.png) center no-repeat}.ratingText,.myrating{float:left;}#ratingShow{width:350px;text-align:left;font-weight:normal;position:absolute;padding:0 0 0 18px}.ratingShow{text-align:left;font-weight:normal;position:absolute;padding:0 15px;background:#fff;text-indent:0}.likenums{margin-left:10px;color:red;}.likenum{position:relative;display:inline-block;top:0;height:14px;width:90px;vertical-align:-2px;_height:15px;}.likebox,.likepre,.likesuf{display:inline-block;height:16px;overflow-y:hidden;background:url(/images/likeicon.png);}.likebox{float:right;background-position:0 -19px;background-repeat:repeat-x;left:10px;}.likepre,.likesuf,.liketext{overflow:hidden;float:left;cursor:default;}.likepre{cursor:pointer;}.liketext{color:#2979A1;line-height:16px;font-size:11px;width:30px;text-align:center;}.liketext_min{width:35px;}.liketext_max{width:55px;}.likepre{width:20px;}.likesuf{width:3px;background-position:-32px 0;}#rating_wrap{font-size:10px;line-height:21px;height:110px;margin:3px auto 0;width:250px;}.starstop{float:left;background:url(/images/all_star.png);display:block;width:105px;height:21px;margin:0;}.stargray{float:left;background:url(/images/star_gray.png);display:block;width:105px;height:18px;margin:0;}.sub_ins .starstop{float:none;width:105px;display:inline;position:absolute;}.stars{display:inline-block;background:url(/images/all_star.png);width:105px;height:21px;margin:1px 0 0 7px;}.stars4{background-position:left 84px;}.stars3{background-position:left 63px;}.stars2{background-position:left 42px;}.stars1{background-position:left 21px;}.power{height:15px;float:left;background:#f5cbad;margin:3px 3px;}.itemcount{font-size:11px;}.btn-fav{border:1px solid #EDCEBA;border-radius:3px 3px 3px 3px;display:inline-block;height:19px;line-height:19px;margin-left:4px;overflow:hidden;padding:0 8px 0 20px;vertical-align:middle;}a.btn-fav:link,a.btn-fav:visited{background-color:#FFF6EE;border-color:#F2ECE7;color:#99776B;font-weight:normal}a.btn-fav:hover,a.btn-fav:active{background-color:#FFF0E2;border-color:#EDCEBA;color:#99776B;font-weight:normal}.fav-add,.fav-add:link,.fav-add:hover{background:url("../images/collect_like.png") no-repeat scroll 8px 3px transparent;}.fav-cancel,.fav-cancel:link,.fav-cancel:hover{background:url("../images/collect_like.png") no-repeat scroll 8px -17px transparent;}.fav-num{color:#666666;display:inline-block;}.fleft{float:left;}.fright{float:right;}#footer{height:60px;line-height:60px;padding-top:15px}.other{margin-right:30px;}.winlist{padding-left:15px}.winlist ul li{font-size:14px;line-height:25px}.winlist ul li span.date{margin-right:10px}.ewmthumb{position:relative;z-index:0;}.ewmthumb:hover{background-color:transparent;z-index:50;}.ewmthumb span{position:absolute;background-color:lightyellow;padding:1px;left:-1000px;border:0px dashed gray;visibility:hidden;color:black;text-decoration:none;}.ewmthumb span img{position:absolute;border-width:0;padding:2px;}.ewmthumb:hover span{visibility:visible;top:17px;left:-90px;}.wxewm{float:right;height:24px;line-height:24px;margin-top:45px;padding-left:1px;width:20px;}.go-to-wrapper{font-size:14px;width:1120px;height:98px;background:transparent;margin-left:-560px;position:fixed;left:50%;bottom:96px;z-index:1;}@media (max-width: 1119px) {.go-to-wrapper{width:auto;margin-left:0;padding-right:12px;left:auto;right:0;z-index:9999;}}@media (max-width: 767px) {.go-to-wrapper{display:none;}}.go-to{float:right;width:48px;}.go-to li{display:none;width:36px;height:36px;text-indent:-9999em;background:#a1acb5 url("../images/go-to.png") no-repeat;overflow:hidden;margin-top:2px;padding:6px;}.go-to li:hover{text-indent:0;background-image:none;}#go-to-comment{background-position:center top;margin-top:0;}#back-to-top{background-position:center -48px;}#bugDetail #go-to-comment{display:block;background-position:center top;}#go-to-feedback{display:block;background-position:center -96px;}.go-to li a{color:#fff;line-height:18px;}.go-to li a:hover{text-decoration:none;}.month-wrapper{width:948px;height:22px;overflow:hidden;margin:12px auto -22px;position:relative;z-index:1;}.month-list{width:9999999px;height:22px;line-height:22px;position:absolute;top:0;left:0;}.month-list li{color:#002E8C;float:left;width:118.5px;text-align:left;}.chart-list{width:926px;height:38px;background:url("../images/charts-bg.png") no-repeat 22px bottom;margin:0 auto;padding-left:22px;position:relative;z-index:2;}.chart-list li{float:left;width:121px;height:38px;margin-left:-2px;cursor:pointer;position:relative;}.chart-list li:first-child{margin-left:0;}.chart-list li.active{background:url("../images/month-bg.png") no-repeat left bottom;z-index:2;}.golden{color:#ff8400;font-weight:bold;text-shadow:0 0 3px rgba(241,184,0,1);}.fieldset{width:870px;border:1px solid #ccc;margin:0 auto;}.fieldset legend{font-weight:bold;padding:0 12px;margin-left:12px;}.fieldset pre{width:846px;border-width:0;overflow:hidden;padding:12px 12px;}.fieldset .fieldset{width:846px;}.fieldset .fieldset pre{width:822px;}.text-ellipsis{display:inline-block;width:678px;overflow:hidden;white-space:nowrap;-o-text-overflow:ellipsis;text-overflow:ellipsis;}.table-cell-sm{width:538px;}.table-cell-xs{width:413px;}div#__cz_push_c_object_box__,div#ooDiv,a[id^="__czUnion_a"]{display:none!important;z-index:-1!important;}


--------------------------------------------------------------------------------
/flask/static/bugs/js/jquery.twbsPagination.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 |  * jQuery pagination plugin v1.2.5
  3 |  * http://esimakin.github.io/twbs-pagination/
  4 |  *
  5 |  * Copyright 2014, Eugene Simakin
  6 |  * Released under Apache 2.0 license
  7 |  * http://apache.org/licenses/LICENSE-2.0.html
  8 |  */
  9 | ;
 10 | (function ($, window, document, undefined) {
 11 | 
 12 |     'use strict';
 13 | 
 14 |     var old = $.fn.twbsPagination;
 15 | 
 16 |     // PROTOTYPE AND CONSTRUCTOR
 17 | 
 18 |     var TwbsPagination = function (element, options) {
 19 |         this.$element = $(element);
 20 |         this.options = $.extend({}, $.fn.twbsPagination.defaults, options);
 21 | 
 22 |         if (this.options.startPage < 1 || this.options.startPage > this.options.totalPages) {
 23 |             throw new Error('Start page option is incorrect');
 24 |         }
 25 | 
 26 |         this.options.totalPages = parseInt(this.options.totalPages);
 27 |         if (isNaN(this.options.totalPages)) {
 28 |             throw new Error('Total pages option is not correct!');
 29 |         }
 30 | 
 31 |         this.options.visiblePages = parseInt(this.options.visiblePages);
 32 |         if (isNaN(this.options.visiblePages)) {
 33 |             throw new Error('Visible pages option is not correct!');
 34 |         }
 35 | 
 36 |         if (this.options.totalPages < this.options.visiblePages) {
 37 |             this.options.visiblePages = this.options.totalPages;
 38 |         }
 39 | 
 40 |         if (this.options.onPageClick instanceof Function) {
 41 |             this.$element.first().bind('page', this.options.onPageClick);
 42 |         }
 43 | 
 44 |         if (this.options.href) {
 45 |             var m, regexp = this.options.href.replace(/[-\/\\^$*+?.|[\]]/g, '\\$&');
 46 |             regexp = regexp.replace(this.options.hrefVariable, '(\\d+)');
 47 |             if ((m = new RegExp(regexp, 'i').exec(window.location.href)) != null) {
 48 |                 this.options.startPage = parseInt(m[1], 10);
 49 |             }
 50 |         }
 51 | 
 52 |         var tagName = (typeof this.$element.prop === 'function') ?
 53 |             this.$element.prop('tagName') : this.$element.attr('tagName');
 54 | 
 55 |         if (tagName === 'UL') {
 56 |             this.$listContainer = this.$element;
 57 |         } else {
 58 |             this.$listContainer = $('<ul></ul>');
 59 |         }
 60 | 
 61 |         this.$listContainer.addClass(this.options.paginationClass);
 62 | 
 63 |         if (tagName !== 'UL') {
 64 |             this.$element.append(this.$listContainer);
 65 |         }
 66 | 
 67 |         this.render(this.getPages(this.options.startPage));
 68 |         this.setupEvents();
 69 | 
 70 |         return this;
 71 |     };
 72 | 
 73 |     TwbsPagination.prototype = {
 74 | 
 75 |         constructor: TwbsPagination,
 76 | 
 77 |         destroy: function () {
 78 |             this.$element.empty();
 79 |             this.$element.removeData('twbs-pagination');
 80 |             this.$element.unbind('page');
 81 |             return this;
 82 |         },
 83 | 
 84 |         show: function (page) {
 85 |             if (page < 1 || page > this.options.totalPages) {
 86 |                 throw new Error('Page is incorrect.');
 87 |             }
 88 | 
 89 |             this.render(this.getPages(page));
 90 |             this.setupEvents();
 91 | 
 92 |             this.$element.trigger('page', page);
 93 |             return this;
 94 |         },
 95 | 
 96 |         buildListItems: function (pages) {
 97 |             var $listItems = $();
 98 | 
 99 |             if (this.options.first) {
100 |                 $listItems = $listItems.add(this.buildItem('first', 1));
101 |             }
102 | 
103 |             if (this.options.prev) {
104 |                 var prev = pages.currentPage > 1 ? pages.currentPage - 1 : this.options.loop ? this.options.totalPages  : 1;
105 |                 $listItems = $listItems.add(this.buildItem('prev', prev));
106 |             }
107 | 
108 |             for (var i = 0; i < pages.numeric.length; i++) {
109 |                 $listItems = $listItems.add(this.buildItem('page', pages.numeric[i]));
110 |             }
111 | 
112 |             if (this.options.next) {
113 |                 var next = pages.currentPage < this.options.totalPages ? pages.currentPage + 1 : this.options.loop ? 1 : this.options.totalPages;
114 |                 $listItems = $listItems.add(this.buildItem('next', next));
115 |             }
116 | 
117 |             if (this.options.last) {
118 |                 $listItems = $listItems.add(this.buildItem('last', this.options.totalPages));
119 |             }
120 | 
121 |             return $listItems;
122 |         },
123 | 
124 |         buildItem: function (type, page) {
125 |             var itemContainer = $('<li></li>'),
126 |                 itemContent = $('<a></a>'),
127 |                 itemText = null;
128 | 
129 |             switch (type) {
130 |                 case 'page':
131 |                     itemText = page;
132 |                     itemContainer.addClass(this.options.pageClass);
133 |                     break;
134 |                 case 'first':
135 |                     itemText = this.options.first;
136 |                     itemContainer.addClass(this.options.firstClass);
137 |                     break;
138 |                 case 'prev':
139 |                     itemText = this.options.prev;
140 |                     itemContainer.addClass(this.options.prevClass);
141 |                     break;
142 |                 case 'next':
143 |                     itemText = this.options.next;
144 |                     itemContainer.addClass(this.options.nextClass);
145 |                     break;
146 |                 case 'last':
147 |                     itemText = this.options.last;
148 |                     itemContainer.addClass(this.options.lastClass);
149 |                     break;
150 |                 default:
151 |                     break;
152 |             }
153 | 
154 |             itemContainer.data('page', page);
155 |             itemContainer.data('page-type', type);
156 |             itemContainer.append(itemContent.attr('href', this.makeHref(page)).html(itemText));
157 |             return itemContainer;
158 |         },
159 | 
160 |         getPages: function (currentPage) {
161 |             var pages = [];
162 | 
163 |             var half = Math.floor(this.options.visiblePages / 2);
164 |             var start = currentPage - half + 1 - this.options.visiblePages % 2;
165 |             var end = currentPage + half;
166 | 
167 |             // handle boundary case
168 |             if (start <= 0) {
169 |                 start = 1;
170 |                 end = this.options.visiblePages;
171 |             }
172 |             if (end > this.options.totalPages) {
173 |                 start = this.options.totalPages - this.options.visiblePages + 1;
174 |                 end = this.options.totalPages;
175 |             }
176 | 
177 |             var itPage = start;
178 |             while (itPage <= end) {
179 |                 pages.push(itPage);
180 |                 itPage++;
181 |             }
182 | 
183 |             return {"currentPage": currentPage, "numeric": pages};
184 |         },
185 | 
186 |         render: function (pages) {
187 |             this.$listContainer.children().remove();
188 |             this.$listContainer.append(this.buildListItems(pages));
189 | 
190 |             var children = this.$listContainer.children();
191 |             children.filter(function () {
192 |                 return $(this).data('page') === pages.currentPage && $(this).data('page-type') === 'page';
193 |             }).addClass(this.options.activeClass);
194 | 
195 |             children.filter(function () {
196 |                 return $(this).data('page-type') === 'first';
197 |             }).toggleClass(this.options.disabledClass, pages.currentPage === 1);
198 | 
199 |             children.filter(function () {
200 |                 return $(this).data('page-type') === 'last';
201 |             }).toggleClass(this.options.disabledClass, pages.currentPage === this.options.totalPages);
202 | 
203 |             children.filter(function () {
204 |                 return $(this).data('page-type') === 'prev';
205 |             }).toggleClass(this.options.disabledClass, !this.options.loop && pages.currentPage === 1);
206 | 
207 |             children.filter(function () {
208 |                 return $(this).data('page-type') === 'next';
209 |             }).toggleClass(this.options.disabledClass, !this.options.loop && pages.currentPage === this.options.totalPages);
210 |         },
211 | 
212 |         setupEvents: function () {
213 |             var base = this;
214 |             this.$listContainer.find('li').each(function () {
215 |                 var $this = $(this);
216 |                 $this.off();
217 |                 if ($this.hasClass(base.options.disabledClass) || $this.hasClass(base.options.activeClass)) {
218 |                     $this.click(function (evt) {
219 |                         evt.preventDefault();
220 |                     });
221 |                     return;
222 |                 }
223 |                 $this.click(function (evt) {
224 |                     // Prevent click event if href is not set.
225 |                     !base.options.href && evt.preventDefault();
226 |                     base.show(parseInt($this.data('page'), 10));
227 |                 });
228 |             });
229 |         },
230 | 
231 |         makeHref: function (c) {
232 |             return this.options.href ? this.options.href.replace(this.options.hrefVariable, c) : "#";
233 |         }
234 | 
235 |     };
236 | 
237 |     // PLUGIN DEFINITION
238 | 
239 |     $.fn.twbsPagination = function (option) {
240 |         var args = Array.prototype.slice.call(arguments, 1);
241 |         var methodReturn;
242 | 
243 |         var $this = $(this);
244 |         var data = $this.data('twbs-pagination');
245 |         var options = typeof option === 'object' && option;
246 | 
247 |         if (!data) $this.data('twbs-pagination', (data = new TwbsPagination(this, options) ));
248 |         if (typeof option === 'string') methodReturn = data[ option ].apply(data, args);
249 | 
250 |         return ( methodReturn === undefined ) ? $this : methodReturn;
251 |     };
252 | 
253 |     $.fn.twbsPagination.defaults = {
254 |         totalPages: 0,
255 |         startPage: 1,
256 |         visiblePages: 5,
257 |         href: false,
258 |         hrefVariable: '{{number}}',
259 |         first: 'First',
260 |         prev: 'Previous',
261 |         next: 'Next',
262 |         last: 'Last',
263 |         loop: false,
264 |         onPageClick: null,
265 |         paginationClass: 'pagination',
266 |         nextClass: 'next',
267 |         prevClass: 'prev',
268 |         lastClass: 'last',
269 |         firstClass: 'first',
270 |         pageClass: 'page',
271 |         activeClass: 'active',
272 |         disabledClass: 'disabled'
273 |     };
274 | 
275 |     $.fn.twbsPagination.Constructor = TwbsPagination;
276 | 
277 |     $.fn.twbsPagination.noConflict = function () {
278 |         $.fn.twbsPagination = old;
279 |         return this;
280 |     };
281 | 
282 | })(jQuery, window, document);
283 | 


--------------------------------------------------------------------------------
/flask/templates/base.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="zh-CN">
 3 | <head>
 4 |     <meta charset="utf-8">
 5 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
 6 |     <meta name="viewport" content="width=device-width, initial-scale=1">
 7 |     <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
 8 |     <meta name="description" content="wooyun public">
 9 |     <meta name="author" content="hanc00l">
10 |     <title>{{title}}</title>
11 |     <!-- 新 Bootstrap 核心 CSS 文件 -->
12 |     <link rel="stylesheet" href="static/bugs/bootstrap/css/bootstrap.min.css">
13 |     <!-- 可选的Bootstrap主题文件（一般不用引入） -->
14 |     <link rel="stylesheet" href="static/bugs/bootstrap/css/bootstrap-theme.min.css">
15 |     <!-- jQuery文件。务必在bootstrap.min.js 之前引入 -->
16 |     <script src="static/bugs/js/jquery-1.11.3.min.js"></script>
17 |     <!-- 最新的 Bootstrap 核心 JavaScript 文件 -->
18 |     <script src="static/bugs/bootstrap/js/bootstrap.min.js"></script>
19 | </head>
20 | <body>
21 | <nav class="navbar navbar-inverse navbar-fixed-top">
22 |     <div class="container">
23 |         <div class="navbar-header">
24 |             <a class="navbar-brand" href="#">search for wooyun.org</a>
25 |         </div>
26 |         <div class="navbar-collapse collapse" role="navigation">           
27 |             <ul class="nav navbar-nav navbar-right">
28 |                 <li class="active"><a href="/">Home</a></li>
29 |                 <li><a href="#about">About</a></li>
30 |                 <li><a href="#contact">Contact</a></li>
31 |             </ul>
32 |         </div> <!-- navbar-collapse -->
33 |     </div> <!--/.container-->
34 | </nav><!--navbar -->
35 | 
36 | <hr>
37 | {% block content %}{% endblock %}
38 | 
39 | <footer class="footer">
40 |   <div class="container">
41 |     <div class="row footer-bottom">
42 |       <ul class="list-inline text-center">
43 |         <li>公开漏洞和知识库信息来自于<a href="http://www.wooyun.org/" target="_blank">wooyun.org</a></li>
44 |       </ul>
45 |     </div>
46 |   </div>
47 | </footer>
48 | </body>
49 | </html>
50 | 


--------------------------------------------------------------------------------
/flask/templates/index.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | {% block content %}
 3 | 
 4 | <div class="jumbotron masthead">
 5 |     <div class="row">
 6 |         <div class="col-sm-8  col-xs-12 col-sm-offset-2">
 7 |             <h2 class="text-center">乌云公开漏洞、知识库搜索&nbsp;&nbsp;<small><small>漏洞/文章数：{{total_count_bugs}}/{{total_count_drops}}</small></small></h2>
 8 |             <form class="form-horizontal" action="/search" method="get" name="login">
 9 |                 <div class="input-group">
10 |                     <input type="text" class="form-control " id="keywords" name="keywords" placeholder="输入搜索关键词……">
11 |                     <span class="input-group-btn">
12 |                     <button class="btn btn-default btn-primary" type="submit"><span class="glyphicon glyphicon-search"></button>
13 |                   </span>
14 |                 </div><!-- /input-group -->
15 |                 <br/>
16 |                 <div class="form-group">
17 |                   <div class="col-sm-8  col-sm-6">
18 |                     <div class="radio-inline">
19 |                           <label>
20 |                             <input type="radio" name="content_search_by" id="by_bugs" value="by_bugs" checked>乌云公开漏洞
21 |                           </label>
22 |                         </div>
23 |                         <div class="radio-inline">
24 |                           <label>
25 |                             <input type="radio" name="content_search_by" id="by_drops" value="by_drops">
26 |                             乌云知识库
27 |                           </label>
28 |                         </div>
29 |                     </div>
30 | 				  <div class="col-sm-4 col-xs-6">
31 | 						<div class="checkbox">
32 | 					    	<label>
33 | 					      		<input type="checkbox" name="search_by_html" value="true"> 全文搜索
34 | 					    	</label>
35 | 					  	</div>
36 | 				  </div>
37 | 			    </div>
38 |             </form>
39 |         </div>
40 |     </div>
41 | </div>
42 | 
43 | <div class="container projects">
44 | </div>
45 | 
46 | {% endblock %}
47 | 


--------------------------------------------------------------------------------
/flask/templates/search_bugs.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | {% block content %}
 3 | 	<div class="row">
 4 | 	  <div class="col-md-1"></div>
 5 | 	  <div class="col-md-10">
 6 | 		  <div>
 7 | 	  		<h2>关键字【{{keywords}}】的搜索结果<small>共{{page_info['total_rows']}}记录</small></h2>
 8 | 			  	<table class="table table-striped">
 9 | 			  	<tr>
10 | 			  		<th width="10%">提交时间</th>
11 | 			  		<th>标题</th>
12 | 			  		<th width="15%">漏洞类型</th>
13 | 			  		<th width="10%">提交者</th>
14 | 			  	</tr>
15 | 			  	{% for row in page_info['rows'] %}
16 | 			  	<tr>
17 | 			  		<td>{{row['datetime']}}</td>
18 | 			  		<td><a href="static/bugs/{{row['wooyun_id']}}.html" target="_blank">
19 | 			  			{{row['title']}}</a></td>
20 | 			  		<td><a href="http://www.wooyun.org/bugs/{{row['wooyun_id']}}" target="_blank">{{row['bug_type']}}</a></td>
21 | 			  		<td>{{row['author']}}</td>
22 | 			  	</tr>
23 | 			  	{% endfor %}
24 | 				</table>
25 | 				<!-- 分页组件js -->
26 | 				<script src="static/bugs/js/jquery.twbsPagination.js"></script>
27 | 				<ul id="pagination" class="pagination-sm"></ul>
28 | 				<script >
29 | 					 $(pagination).twbsPagination({
30 | 					 	first: "首页",
31 | 					 	prev: "前一页",
32 | 					 	next: "后一页",
33 | 					 	last: "尾页",
34 | 				        totalPages: {{page_info['total']}},
35 | 				        visiblePages: 5,
36 | 				        startPage: {{page_info['current']}},
37 | 				        onPageClick: function (event, page) {
38 | 				            location.href="/search?keywords={{keywords}}&&content_search_by=by_bugs&&search_by_html={{search_by_html}}&&page="+page;
39 | 				        }
40 | 				    });
41 | 				</script>
42 | 			</div>
43 | 	 	</div>
44 | 	  <div class="col-md-1"></div>
45 | 	</div>
46 | {% endblock %}


--------------------------------------------------------------------------------
/flask/templates/search_drops.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | {% block content %}
 3 | 	<div class="row">
 4 | 	  <div class="col-md-1"></div>
 5 | 	  <div class="col-md-10">
 6 | 		  <div>
 7 | 	  		<h2>关键字【{{keywords}}】的搜索结果<small>共{{page_info['total_rows']}}记录</small></h2>
 8 | 			  	<table class="table table-striped">
 9 | 			  	<tr>
10 | 			  		<th width="10%">发表时间</th>
11 | 			  		<th>标题</th>
12 | 			  		<th width="10%">文章类型</th>
13 | 			  		<th width="15%">作者</th>
14 | 			  	</tr>
15 | 			  	{% for row in page_info['rows'] %}
16 | 			  	<tr>
17 | 			  		<td>{{row['datetime']}}</td>
18 | 			  		<td><a href="static/drops/{{row['url_local']}}" target="_blank">
19 | 			  			{{row['title']}}</a></td>
20 | 			  		<td><a href="{{row['url']}}" target="_blank">{{row['category']}}</a></td>
21 | 
22 | 			  		<td>{{row['author']}}</td>
23 | 			  	</tr>
24 | 			  	{% endfor %}
25 | 				</table>
26 | 				<!-- 分页组件js -->
27 | 				<script src="static/bugs/js/jquery.twbsPagination.js"></script>
28 | 				<ul id="pagination" class="pagination-sm"></ul>
29 | 				<script >
30 | 					 $(pagination).twbsPagination({
31 | 					 	first: "首页",
32 | 					 	prev: "前一页",
33 | 					 	next: "后一页",
34 | 					 	last: "尾页",
35 | 				        totalPages: {{page_info['total']}},
36 | 				        visiblePages: 5,
37 | 				        startPage: {{page_info['current']}},
38 | 				        onPageClick: function (event, page) {
39 | 				            location.href="/search?keywords={{keywords}}&&content_search_by=by_drops&&search_by_html={{search_by_html}}&&page="+page;
40 | 				        }
41 | 				    });
42 | 				</script>
43 | 			</div>
44 | 	 	</div>
45 | 	  <div class="col-md-1"></div>
46 | 	</div>
47 | {% endblock %}


--------------------------------------------------------------------------------
/index.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/index.png


--------------------------------------------------------------------------------
/index_final.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/index_final.png


--------------------------------------------------------------------------------
/install.md:
--------------------------------------------------------------------------------
 1 | wooyun_public在Ubuntu下的安装
 2 | =============================
 3 | 
 4 | 以下为在ubuntu14.04和16.04的安装过程，需要安装的依赖组件：
 5 | 
 6 | + python 2.7和pip
 7 | + mongodb
 8 | + scrapy 
 9 | + flask 或 tornado
10 | + pymongo 
11 | 
12 | 步骤
13 | --------
14 | 1、安装python、pip、mongodb
15 | 
16 | ```bash
17 | sudo apt-get install python python-pip mongodb
18 | ```
19 | 2、安装scrapy
20 | 
21 | ```bash
22 | 安装scrapy如果报错，则先apt-get安装下述依赖包，然后安装pip安装lxml后即可正常安装scrapy
23 | sudo apt-get install libxml2-dev libxslt1-dev python-dev zlib1g-dev libevent-dev python-openssl
24 | 
25 | sudo pip install lxml
26 | sudo pip install scrapy
27 | ```
28 | 3、安装pymongo和flask（或tornado）
29 | 
30 | ```bash
31 | sudo pip install flask pymongo
32 | (sudo pip install tornado)
33 | ```
34 | 4、从github下载源码
35 | 
36 | ```bash
37 | git clone https://github.com/hanc00l/wooyun_public
38 | ```
39 | 
40 | 
41 | 


--------------------------------------------------------------------------------
/scrapy/wooyun/scrapy.cfg:
--------------------------------------------------------------------------------
 1 | # Automatically created by: scrapy startproject
 2 | #
 3 | # For more information about the [deploy] section see:
 4 | # https://scrapyd.readthedocs.org/en/latest/deploy.html
 5 | 
 6 | [settings]
 7 | default = wooyun.settings
 8 | 
 9 | [deploy]
10 | #url = http://localhost:6800/
11 | project = wooyun
12 | 


--------------------------------------------------------------------------------
/scrapy/wooyun/wooyun/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/scrapy/wooyun/wooyun/__init__.py


--------------------------------------------------------------------------------
/scrapy/wooyun/wooyun/items.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | # Define here the models for your scraped items
 4 | #
 5 | # See documentation in:
 6 | # http://doc.scrapy.org/en/latest/topics/items.html
 7 | 
 8 | import scrapy
 9 | 
10 | 
11 | class WooyunItem(scrapy.Item):
12 |     # define the fields for your item here like:
13 |     # name = scrapy.Field()
14 |     datetime = scrapy.Field()
15 |     datetime_open = scrapy.Field()
16 |     title = scrapy.Field()
17 |     wooyun_id = scrapy.Field()
18 |     author = scrapy.Field()
19 |     bug_type = scrapy.Field()
20 |     html = scrapy.Field()
21 |     #
22 |     image_urls = scrapy.Field()
23 |     images = scrapy.Field()
24 | 


--------------------------------------------------------------------------------
/scrapy/wooyun/wooyun/pipelines.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | import logging
 3 | import re
 4 | from datetime import datetime
 5 | import copy
 6 | import codecs
 7 | import pymongo
 8 | from scrapy.conf import settings
 9 | from scrapy.exceptions import DropItem
10 | 
11 | # Define your item pipelines here
12 | #
13 | # Don't forget to add your pipeline to the ITEM_PIPELINES setting
14 | # See: http://doc.scrapy.org/en/latest/topics/item-pipeline.html
15 | 
16 | class MongoDBPipeline(object):
17 |     def __init__(self):
18 |         self.connection_string = "mongodb://%s:%d" % (settings['MONGODB_SERVER'],settings['MONGODB_PORT'])
19 | 
20 |     def open_spider(self, spider):
21 |         self.client = pymongo.MongoClient(self.connection_string)
22 |         self.db = self.client[settings['MONGODB_DB']]
23 |         self.collection = self.db[settings['MONGODB_COLLECTION']]
24 |         self.log = logging.getLogger(spider.name)
25 | 
26 |     def close_spider(self, spider):
27 |         self.client.close()
28 | 
29 |     def process_item(self, item, spider):
30 |         #
31 |         post_data = copy.deepcopy(item)
32 |         post_data.pop('image_urls')
33 |         post_data.pop('images')
34 |         #
35 |         wooyun_id_exsist = True if self.collection.find({'wooyun_id':item['wooyun_id']}).count()>0 else False
36 |         if wooyun_id_exsist == False:
37 |             self.collection.insert_one(dict(post_data))
38 |             self.log.debug('wooyun_id:%s added to mongdb!'%item['wooyun_id'],)
39 |         else:
40 |             if spider.update:
41 |                 self.collection.update_one({'wooyun_id':item['wooyun_id']},{'$set':dict(post_data)})
42 |                 self.log.debug('wooyun_id:%s exist,update!' %item['wooyun_id'])
43 |             else:
44 |                 self.log.debug('wooyun_id:%s exist,not update!' %item['wooyun_id'])
45 | 
46 |         return item
47 | 
48 | class WooyunSaveToLocalPipeline(object):
49 |     def process_item(self,item,spider):
50 |         #
51 |         if spider.local_store == False:
52 |             return item
53 |         #
54 |         if item['wooyun_id'] == None or item['wooyun_id'] =='':
55 |             self.log.debug('There is none wooyun_id,this item do not be saved!')
56 |             return item
57 |         #
58 |         post_data = copy.deepcopy(item)
59 |         if self.__process_html(post_data) == False:
60 |             return item
61 |         #
62 |         path_name = settings['LOCAL_STORE'] + item['wooyun_id'] + '.html'
63 |         #save file as utf-8 format
64 |         with codecs.open(path_name,mode='w',encoding='utf-8',errors='ignore') as f:
65 |             f.write(post_data['html'])
66 | 
67 |         return item
68 | 
69 |     def __process_html(self,item):
70 |         if item['html'] == None or item['html'] == '':
71 |             self.log.debug('the wooyunid:%s html body is empty!'%item['wooyun_id'])
72 |             return False
73 |         #deal the img
74 |         for img in item['images']:
75 |             #处理部份图片存放于http://www.wooyun.org时，使用/upload/..形式的路径
76 |             if img['url'].startswith('http://www.wooyun.org'):
77 |                 img['url'] = img['url'].replace('http://www.wooyun.org','')
78 |             item['html'] = re.sub('<img src=[\'\"]%s[\'\"]'%img['url'],'<img src=\'%s\''%img['path'],item['html'])
79 |         #deal css
80 |         item['html'] = re.sub(r'<link href=\"/css/style\.css','<link href=\"css/style.css',item['html'])
81 |         #deal script
82 |         item['html'] = re.sub(r'<script src=\"https://static\.wooyun\.org/static/js/jquery\-1\.4\.2\.min\.js','<script src=\"js/jquery-1.4.2.min.js',item['html'])
83 | 
84 |         return True
85 | 


--------------------------------------------------------------------------------
/scrapy/wooyun/wooyun/settings.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | 
  3 | # Scrapy settings for wooyun project
  4 | #
  5 | # For simplicity, this file contains only settings considered important or
  6 | # commonly used. You can find more settings consulting the documentation:
  7 | #
  8 | #     http://doc.scrapy.org/en/latest/topics/settings.html
  9 | #     http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html
 10 | #     http://scrapy.readthedocs.org/en/latest/topics/spider-middleware.html
 11 | 
 12 | BOT_NAME = 'wooyun'
 13 | 
 14 | SPIDER_MODULES = ['wooyun.spiders']
 15 | NEWSPIDER_MODULE = 'wooyun.spiders'
 16 | 
 17 | #piplines
 18 | ITEM_PIPELINES = {
 19 |     'scrapy.pipelines.images.ImagesPipeline': 1,
 20 |     'wooyun.pipelines.MongoDBPipeline':100,
 21 |     'wooyun.pipelines.WooyunSaveToLocalPipeline':200
 22 | }
 23 | #the crawl default setting
 24 | PAGE_MAX_DEFAULT = 1
 25 | LOCAL_STORE_DEFAULT = 'false'
 26 | UPDATE_DEFAULT = 'false'
 27 | #save to local
 28 | LOCAL_STORE='../../flask/static/bugs/'
 29 | #image store
 30 | IMAGES_STORE = LOCAL_STORE
 31 | #save to mongdodb
 32 | MONGODB_SERVER = 'localhost'
 33 | MONGODB_PORT = 27017
 34 | MONGODB_DB = 'wooyun'
 35 | MONGODB_COLLECTION = 'wooyun_list'
 36 | #image ignored downoading
 37 | IMAGE_DOWLOAD_IGNORED = {
 38 |     'www.quip.com'
 39 | }
 40 | # Crawl responsibly by identifying yourself (and your website) on the user-agent
 41 | #USER_AGENT = 'wooyun (+http://www.yourdomain.com)'
 42 | 
 43 | # Configure maximum concurrent requests performed by Scrapy (default: 16)
 44 | #CONCURRENT_REQUESTS=32
 45 | 
 46 | # Configure a delay for requests for the same website (default: 0)
 47 | # See http://scrapy.readthedocs.org/en/latest/topics/settings.html#download-delay
 48 | # See also autothrottle settings and docs
 49 | #DOWNLOAD_DELAY=3
 50 | # The download delay setting will honor only one of:
 51 | #CONCURRENT_REQUESTS_PER_DOMAIN=16
 52 | #CONCURRENT_REQUESTS_PER_IP=16
 53 | 
 54 | # Disable cookies (enabled by default)
 55 | #COOKIES_ENABLED=False
 56 | 
 57 | # Disable Telnet Console (enabled by default)
 58 | #TELNETCONSOLE_ENABLED=False
 59 | 
 60 | # Override the default request headers:
 61 | #DEFAULT_REQUEST_HEADERS = {
 62 | #   'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 63 | #   'Accept-Language': 'en',
 64 | #}
 65 | 
 66 | # Enable or disable spider middlewares
 67 | # See http://scrapy.readthedocs.org/en/latest/topics/spider-middleware.html
 68 | #SPIDER_MIDDLEWARES = {
 69 | #    'wooyun.middlewares.MyCustomSpiderMiddleware': 543,
 70 | #}
 71 | 
 72 | # Enable or disable downloader middlewares
 73 | # See http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html
 74 | #DOWNLOADER_MIDDLEWARES = {
 75 | #    'wooyun.middlewares.MyCustomDownloaderMiddleware': 543,
 76 | #}
 77 | 
 78 | # Enable or disable extensions
 79 | # See http://scrapy.readthedocs.org/en/latest/topics/extensions.html
 80 | #EXTENSIONS = {
 81 | #    'scrapy.telnet.TelnetConsole': None,
 82 | #}
 83 | 
 84 | # Configure item pipelines
 85 | # See http://scrapy.readthedocs.org/en/latest/topics/item-pipeline.html
 86 | #ITEM_PIPELINES = {
 87 | #    'wooyun.pipelines.SomePipeline': 300,
 88 | #}
 89 | 
 90 | # Enable and configure the AutoThrottle extension (disabled by default)
 91 | # See http://doc.scrapy.org/en/latest/topics/autothrottle.html
 92 | # NOTE: AutoThrottle will honour the standard settings for concurrency and delay
 93 | #AUTOTHROTTLE_ENABLED=True
 94 | # The initial download delay
 95 | #AUTOTHROTTLE_START_DELAY=5
 96 | # The maximum download delay to be set in case of high latencies
 97 | #AUTOTHROTTLE_MAX_DELAY=60
 98 | # Enable showing throttling stats for every response received:
 99 | #AUTOTHROTTLE_DEBUG=False
100 | 
101 | # Enable and configure HTTP caching (disabled by default)
102 | # See http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html#httpcache-middleware-settings
103 | #HTTPCACHE_ENABLED=True
104 | #HTTPCACHE_EXPIRATION_SECS=0
105 | #HTTPCACHE_DIR='httpcache'
106 | #HTTPCACHE_IGNORE_HTTP_CODES=[]
107 | #HTTPCACHE_STORAGE='scrapy.extensions.httpcache.FilesystemCacheStorage'
108 | 


--------------------------------------------------------------------------------
/scrapy/wooyun/wooyun/spiders/WooyunSpider.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | from datetime import datetime
 3 | import pymongo
 4 | import scrapy
 5 | from wooyun.items import WooyunItem
 6 | from scrapy.conf import settings
 7 | 
 8 | 
 9 | class WooyunSpider(scrapy.Spider):
10 |     name = "wooyun"
11 |     allowed_domains = ["wooyun.org"]
12 |     start_urls = [
13 |         'http://wooyun.org/bugs/new_public/'
14 |     ]
15 | 
16 |     def __init__(self,page_max=settings['PAGE_MAX_DEFAULT'],local_store=settings['LOCAL_STORE_DEFAULT'],\
17 |             update=settings['UPDATE_DEFAULT'],*args, **kwargs):
18 |         self.page_max = int(page_max)
19 |         self.local_store = 'true' == local_store.lower()
20 |         self.update = 'true' == update.lower()
21 | 
22 |         self.connection_string = "mongodb://%s:%d" % (settings['MONGODB_SERVER'],settings['MONGODB_PORT'])
23 |         self.client = pymongo.MongoClient(self.connection_string)
24 |         self.db = self.client[settings['MONGODB_DB']]
25 |         self.collection = self.db[settings['MONGODB_COLLECTION']]
26 | 
27 |     def closed(self,reason):
28 |         self.client.close()
29 | 
30 |     def parse(self, response):
31 |         total_pages = response.xpath("//p[@class='page']/text()").re('\d+')[1]
32 |         if self.page_max == 0:
33 |             end_page = int(total_pages)
34 |         else:
35 |             end_page = self.page_max
36 |         for n in range(1,end_page + 1):
37 |             page = "/bugs/new_public/page/%d" %n
38 |             url = response.urljoin(page)
39 |             yield scrapy.Request(url, self.parse_list)
40 | 
41 |     def parse_list(self,response):
42 |         links = response.xpath('//tbody/tr/td/a/@href').extract()
43 |         for url in links:
44 |             wooyun_id = url.split('/')[2]
45 |             if self.update == True or self.__search_mongodb(wooyun_id) == False:
46 |                 url = response.urljoin(url)
47 |                 yield scrapy.Request(url, self.parse_detail)
48 | 
49 |     def parse_detail(self,response):
50 |         item = WooyunItem()
51 |         item['wooyun_id'] = response.xpath('//*[@id="bugDetail"]/div[5]/h3[1]/a/@href').extract()[0].split('/')[2]
52 |         item['title'] = response.xpath('//title/text()').extract()[0].split("|")[0]
53 |         item['bug_type'] = response.xpath("//h3[@class='wybug_type']/text()").extract()[0].split(u'：')[1].strip()
54 |         #item['bug_type'] = response.xpath('//*[@id="bugDetail"]/div[5]/h3[7]/text()').extract()[0].split(u'：')[1].strip()
55 |         #some author not text,for examp:
56 |         #http://wooyun.org/bugs/wooyun-2010-01010
57 |         #there will be error while parse author,so do this
58 |         try:
59 |             #item['author'] = response.xpath("//h3[@class='wybug_author']/a/text()").extract()[0]
60 |             item['author'] = response.xpath('//*[@id="bugDetail"]/div[5]/h3[4]/a/text()').extract()[0]
61 |         except:
62 |             item['author'] ='<Parse Error>'
63 |         #the response.body type is str,so we need to convert to utf-8
64 |         #if not utf-8,saving to mongodb may have some troubles
65 |         item['html'] = response.body.decode('utf-8','ignore')
66 |         #dt = response.xpath("//h3[@class='wybug_date']/text()").re("[\d+]{4}-[\d+]{2}-[\d+]{2}")[0].split('-')
67 |         dt = response.xpath('//*[@id="bugDetail"]/div[5]/h3[5]/text()').re("[\d+]{4}-[\d+]{2}-[\d+]{2}")[0].split('-')
68 |         item['datetime'] = datetime(int(dt[0]),int(dt[1]),int(dt[2]))
69 |         #dt = response.xpath("//h3[@class='wybug_open_date']/text()").re("[\d+]{4}-[\d+]{2}-[\d+]{2}")[0].split('-')
70 |         dt = response.xpath('//*[@id="bugDetail"]/div[5]/h3[6]/text()').re("[\d+]{4}-[\d+]{2}-[\d+]{2}")[0].split('-')
71 |         item['datetime_open'] = datetime(int(dt[0]),int(dt[1]),int(dt[2]))
72 |         #images url for download
73 |         item['image_urls']=[]
74 |         if self.local_store:
75 |             #乌云图片目前发两种格式，一种是http://static.wooyun.org/wooyun/upload/,另一格式是/upload/...
76 |             #因此，对后一种在爬取时，增加http://www.wooyun.org，以形成完整的url地址
77 |             #同时，在piplines.py存放时，作相应的反向处理
78 |             image_urls = response.xpath("//img[contains(@src, '/upload/')]/@src").extract()
79 |             for u in image_urls:
80 |                 if self.__check_ingnored_image(u):
81 |                     continue
82 |                 if u.startswith('/'):
83 |                     u = 'http://www.wooyun.org' + u
84 |                 item['image_urls'].append(u)
85 |         return item
86 | 
87 |     def __check_ingnored_image(self,image_url):
88 |         for ignored_url in settings['IMAGE_DOWLOAD_IGNORED']:
89 |             if ignored_url in image_url:
90 |                 return True
91 | 
92 |         return False
93 |         
94 |     def __search_mongodb(self,wooyun_id):
95 |         #
96 |         wooyun_id_exsist = True if self.collection.find({'wooyun_id':wooyun_id}).count()>0 else False
97 |         #
98 |         return wooyun_id_exsist
99 | 


--------------------------------------------------------------------------------
/scrapy/wooyun/wooyun/spiders/__init__.py:
--------------------------------------------------------------------------------
1 | # This package will contain the spiders of your Scrapy project
2 | #
3 | # Please refer to the documentation for information on how to create and manage
4 | # your spiders.
5 | 


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/scrapy.cfg:
--------------------------------------------------------------------------------
 1 | # Automatically created by: scrapy startproject
 2 | #
 3 | # For more information about the [deploy] section see:
 4 | # https://scrapyd.readthedocs.org/en/latest/deploy.html
 5 | 
 6 | [settings]
 7 | default = wooyun_drops.settings
 8 | 
 9 | [deploy]
10 | #url = http://localhost:6800/
11 | project = wooyun_drops
12 | 


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/wooyun_drops/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/scrapy/wooyun_drops/wooyun_drops/__init__.py


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/wooyun_drops/items.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | # Define here the models for your scraped items
 4 | #
 5 | # See documentation in:
 6 | # http://doc.scrapy.org/en/latest/topics/items.html
 7 | 
 8 | import scrapy
 9 | 
10 | 
11 | class WooyunItem(scrapy.Item):
12 |     # define the fields for your item here like:
13 |     # name = scrapy.Field()
14 |     title = scrapy.Field()
15 |     author = scrapy.Field()
16 |     datetime = scrapy.Field()
17 |     category = scrapy.Field()
18 |     url = scrapy.Field()
19 |     html = scrapy.Field()
20 |     
21 |     image_urls = scrapy.Field() 
22 |     images = scrapy.Field()     
23 | 
24 | 


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/wooyun_drops/pipelines.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | import logging
  3 | import re
  4 | from datetime import datetime
  5 | import copy
  6 | import codecs
  7 | import pymongo
  8 | from scrapy.conf import settings
  9 | from scrapy.exceptions import DropItem
 10 | 
 11 | # Define your item pipelines here
 12 | #
 13 | # Don't forget to add your pipeline to the ITEM_PIPELINES setting
 14 | # See: http://doc.scrapy.org/en/latest/topics/item-pipeline.html
 15 | 
 16 | class MongoDBPipeline(object):
 17 |     def __init__(self):
 18 |         self.connection_string = "mongodb://%s:%d" % (settings['MONGODB_SERVER'],settings['MONGODB_PORT'])
 19 |    
 20 |     def open_spider(self, spider):
 21 |         self.client = pymongo.MongoClient(self.connection_string)
 22 |         self.db = self.client[settings['MONGODB_DB']]
 23 |         self.collection = self.db[settings['MONGODB_COLLECTION']]
 24 |         self.log = logging.getLogger(spider.name)
 25 | 
 26 |     def close_spider(self, spider):
 27 |         self.client.close()
 28 | 
 29 |     def process_item(self, item, spider):
 30 |         #
 31 |         post_data = copy.deepcopy(item)
 32 |         post_data.pop('image_urls')
 33 |         post_data.pop('images')
 34 |         #
 35 |         post_data['category'] = self.__map_category(post_data['category'])
 36 |         #
 37 |         wooyun_drops_exsist = True if self.collection.find({'url':item['url']}).count()>0 else False
 38 |         if not wooyun_drops_exsist :
 39 |             self.collection.insert_one(dict(post_data))
 40 |             self.log.debug('wooyun_drop url:%s added to mongdb!'%item['url'],)
 41 |         else:
 42 |             if spider.update:
 43 |                 self.collection.update_one({'url':item['url']},{'$set':dict(post_data)})
 44 |                 self.log.debug('wooyun_drop url:%s exist,update!' %item['url'])
 45 |             else:
 46 |                 self.log.debug('wooyun_drop url:%s exist,not update!' %item['url'])
 47 | 
 48 |         return item
 49 | 
 50 |     def __map_category(self,category_name):
 51 |         category_map={'papers':u'漏洞分析','tips':u'技术分享','tools':u'工具收集','news':u'业界资讯',\
 52 |                         'web':u'web安全','pentesting':u'渗透案例','mobile':u'移动安全','wireless':u'无线安全',\
 53 |                         'database':u'数据库安全','binary':u'二进制安全'}
 54 |         if category_name in category_map:
 55 |             return category_map[category_name]
 56 | 
 57 |         return category_name
 58 | 
 59 | class WooyunSaveToLocalPipeline(object):
 60 |     def process_item(self,item,spider):
 61 |         #
 62 |         if not spider.local_store:
 63 |             return item
 64 |         #
 65 |         if item['url'] == None or item['url'] =='':
 66 |             self.log.debug('There is none wooyun_drop url,this item do not be saved!')
 67 |             return item
 68 |         #
 69 |         post_data = copy.deepcopy(item)
 70 |         if not self.__process_html(post_data):
 71 |             return item
 72 |         #
 73 |         path_name = settings['LOCAL_STORE'] + self.__process_local_filename(item['url'])
 74 |         #save file as utf-8 format
 75 |         with codecs.open(path_name,mode='w',encoding='utf-8',errors='ignore') as f:
 76 |             f.write(post_data['html'])
 77 |         
 78 |         return item
 79 | 
 80 |     def __process_local_filename(self,url):
 81 |         urlsep = url.split('//')[1].split('/')
 82 |         return '%s-%s.html'%(urlsep[1],urlsep[2])
 83 | 
 84 |     def __process_html(self,item):
 85 |         if item['html'] == None or item['html'] == '':
 86 |             self.log.debug('the wooyunid:%s html body is empty!'%item['wooyun_id'])
 87 |             return False
 88 |         jquery_js = "http://wooyun.b0.upaiyun.com/static/js/jquery.min.js"
 89 |         bootstrap_js = "http://wooyun.b0.upaiyun.com/static/js/bootstrap.min.js"
 90 |         main_css = "http://wooyun.b0.upaiyun.com/static/css/95e46879.main.css"
 91 |         bootstrap_css = "http://wooyun.b0.upaiyun.com/static/css/bootstrap.min.css"
 92 | 
 93 |         wooyun_jquery_js = "static/drops/js/jquery.js"
 94 |         wooyun_bootstrap_js = "static/dropsjs/bootstrap.min.js"
 95 |         wooyun_main_css = "static/drops/css/95e46879.main.css"
 96 |         wooyun_bootstrap_css = "static/drops/css/bootstrap.min.css"
 97 | 
 98 |         item['html'] = item['html'].replace(jquery_js, wooyun_jquery_js).replace(bootstrap_js, wooyun_bootstrap_js)
 99 |         item['html'] = item['html'].replace(main_css, wooyun_main_css).replace(bootstrap_css, wooyun_bootstrap_css)
100 |         
101 |         for it in item['images']:
102 |             item['html'] = item['html'].replace(it['url'], 'static/drops/%s'%it['path'])
103 | 
104 |         return True
105 | 
106 | 
107 | 


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/wooyun_drops/settings.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | 
  3 | # Scrapy settings for wooyun_drops project
  4 | #
  5 | # For simplicity, this file contains only settings considered important or
  6 | # commonly used. You can find more settings consulting the documentation:
  7 | #
  8 | #     http://doc.scrapy.org/en/latest/topics/settings.html
  9 | #     http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html
 10 | #     http://scrapy.readthedocs.org/en/latest/topics/spider-middleware.html
 11 | 
 12 | BOT_NAME = 'wooyun_drops'
 13 | 
 14 | SPIDER_MODULES = ['wooyun_drops.spiders']
 15 | NEWSPIDER_MODULE = 'wooyun_drops.spiders'
 16 | 
 17 | #piplines
 18 | ITEM_PIPELINES = {
 19 |     'scrapy.pipelines.images.ImagesPipeline': 1,
 20 |     'wooyun_drops.pipelines.MongoDBPipeline':100,
 21 |     'wooyun_drops.pipelines.WooyunSaveToLocalPipeline':200
 22 | }
 23 | #the crawl default setting
 24 | PAGE_MAX_DEFAULT = 1
 25 | LOCAL_STORE_DEFAULT = 'true'
 26 | UPDATE_DEFAULT = 'false'
 27 | #save to local
 28 | LOCAL_STORE='../../flask/static/drops/'
 29 | #image store
 30 | IMAGES_STORE = LOCAL_STORE
 31 | #save to mongdodb
 32 | MONGODB_SERVER = 'localhost'
 33 | MONGODB_PORT = 27017
 34 | MONGODB_DB = 'wooyun'
 35 | MONGODB_COLLECTION = 'wooyun_drops'
 36 | # Crawl responsibly by identifying yourself (and your website) on the user-agent
 37 | #USER_AGENT = 'wooyun_drops (+http://www.yourdomain.com)'
 38 | 
 39 | # Configure maximum concurrent requests performed by Scrapy (default: 16)
 40 | #CONCURRENT_REQUESTS=32
 41 | 
 42 | # Configure a delay for requests for the same website (default: 0)
 43 | # See http://scrapy.readthedocs.org/en/latest/topics/settings.html#download-delay
 44 | # See also autothrottle settings and docs
 45 | #DOWNLOAD_DELAY=3
 46 | # The download delay setting will honor only one of:
 47 | #CONCURRENT_REQUESTS_PER_DOMAIN=16
 48 | #CONCURRENT_REQUESTS_PER_IP=16
 49 | 
 50 | # Disable cookies (enabled by default)
 51 | #COOKIES_ENABLED=False
 52 | 
 53 | # Disable Telnet Console (enabled by default)
 54 | #TELNETCONSOLE_ENABLED=False
 55 | 
 56 | # Override the default request headers:
 57 | #DEFAULT_REQUEST_HEADERS = {
 58 | #   'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 59 | #   'Accept-Language': 'en',
 60 | #}
 61 | 
 62 | # Enable or disable spider middlewares
 63 | # See http://scrapy.readthedocs.org/en/latest/topics/spider-middleware.html
 64 | #SPIDER_MIDDLEWARES = {
 65 | #    'wooyun_drops.middlewares.MyCustomSpiderMiddleware': 543,
 66 | #}
 67 | 
 68 | # Enable or disable downloader middlewares
 69 | # See http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html
 70 | #DOWNLOADER_MIDDLEWARES = {
 71 | #    'wooyun_drops.middlewares.MyCustomDownloaderMiddleware': 543,
 72 | #}
 73 | 
 74 | # Enable or disable extensions
 75 | # See http://scrapy.readthedocs.org/en/latest/topics/extensions.html
 76 | #EXTENSIONS = {
 77 | #    'scrapy.telnet.TelnetConsole': None,
 78 | #}
 79 | 
 80 | # Configure item pipelines
 81 | # See http://scrapy.readthedocs.org/en/latest/topics/item-pipeline.html
 82 | #ITEM_PIPELINES = {
 83 | #    'wooyun_drops.pipelines.SomePipeline': 300,
 84 | #}
 85 | 
 86 | # Enable and configure the AutoThrottle extension (disabled by default)
 87 | # See http://doc.scrapy.org/en/latest/topics/autothrottle.html
 88 | # NOTE: AutoThrottle will honour the standard settings for concurrency and delay
 89 | #AUTOTHROTTLE_ENABLED=True
 90 | # The initial download delay
 91 | #AUTOTHROTTLE_START_DELAY=5
 92 | # The maximum download delay to be set in case of high latencies
 93 | #AUTOTHROTTLE_MAX_DELAY=60
 94 | # Enable showing throttling stats for every response received:
 95 | #AUTOTHROTTLE_DEBUG=False
 96 | 
 97 | # Enable and configure HTTP caching (disabled by default)
 98 | # See http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html#httpcache-middleware-settings
 99 | #HTTPCACHE_ENABLED=True
100 | #HTTPCACHE_EXPIRATION_SECS=0
101 | #HTTPCACHE_DIR='httpcache'
102 | #HTTPCACHE_IGNORE_HTTP_CODES=[]
103 | #HTTPCACHE_STORAGE='scrapy.extensions.httpcache.FilesystemCacheStorage'
104 | 


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/wooyun_drops/spiders/WooyunSpider.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | from datetime import datetime
 3 | from urllib import unquote
 4 | import pymongo
 5 | import scrapy
 6 | from wooyun_drops.items import WooyunItem
 7 | from scrapy.conf import settings
 8 | 
 9 | 
10 | class WooyunSpider(scrapy.Spider):
11 |     name = "wooyun"
12 |     allowed_domains = ["wooyun.org"]
13 |     start_urls = [
14 |         'http://drops.wooyun.org/'
15 |     ]
16 | 
17 |     def __init__(self,page_max=settings['PAGE_MAX_DEFAULT'],local_store=settings['LOCAL_STORE_DEFAULT'],\
18 |             update=settings['UPDATE_DEFAULT'],*args, **kwargs):
19 |         self.page_max = int(page_max)
20 |         self.local_store = 'true' == local_store.lower()
21 |         self.update = 'true' == update.lower()
22 | 
23 |         self.connection_string = "mongodb://%s:%d" % (settings['MONGODB_SERVER'],settings['MONGODB_PORT'])
24 |         self.client = pymongo.MongoClient(self.connection_string)
25 |         self.db = self.client[settings['MONGODB_DB']]
26 |         self.collection = self.db[settings['MONGODB_COLLECTION']]
27 | 
28 |     def closed(self,reason):
29 |         self.client.close()
30 | 
31 |     def parse(self, response):
32 |         # <span class="pages">第 1 页，共 80 页</span>
33 |         total_pages = response.xpath("//div[@class='wp-pagenavi']/span[@class = 'pages']/text()").re(u"共 (\d+) 页")[0]
34 |         if self.page_max == 0:
35 |             end_page = int(total_pages)
36 |         else:
37 |             end_page = self.page_max
38 | 
39 |         for page in range(1,end_page + 1):
40 |             page_url = "http://drops.wooyun.org/page/%d"%page
41 |             yield scrapy.Request(page_url, self.parse_post_urls)
42 | 
43 |     def parse_post_urls(self, response):
44 |         post_urls = response.xpath("//div[@class = 'post']/h2[@class = 'entry-title']/a/@href").extract()
45 |         for url in post_urls:
46 |             url = response.urljoin(url)
47 |             if self.update or not self.__search_mongodb(url):
48 |                 yield scrapy.Request(url, self.parse_detail)
49 | 
50 |     def parse_detail(self,response):
51 |         item = WooyunItem()
52 |         item['url'] = unquote(response.url)
53 |         item['category'] = unquote(response.url).split('//')[1].split('/')[1]
54 |         item['title'] = response.xpath("//title/text()").extract()[0].split(u"|")[0].strip()
55 |         item['author'] = response.xpath("//div[@class = 'entry-meta']/a/@href").extract()[0].split("/")[2]
56 |         dt = response.xpath("//div[@class = 'entry-meta']/time/text()").extract()[0].split(' ')[0].split('/')
57 |         dt_time = response.xpath("//div[@class = 'entry-meta']/time/text()").extract()[0].split(' ')[1].split(':')
58 |         item['datetime'] = datetime(int(dt[0]),int(dt[1]),int(dt[2]),int(dt_time[0]),int(dt_time[1]))
59 |         item['image_urls'] = []
60 |         if self.local_store:
61 |             image_urls = response.xpath("//p/img/@src").extract()
62 |             #skip the https image download
63 |             #skip www.quip.com,can'n be downloaded
64 |             for u in image_urls:
65 |                 if 'https://' not in u and 'www.quip.com' not in u:
66 |                     item['image_urls'].append(u)
67 | 
68 |         item['html'] = response.body.decode('utf-8','ignore')
69 | 
70 |         return item
71 | 
72 |     def __search_mongodb(self,url):
73 |         #
74 |         wooyun_drops_exsist = True if self.collection.find({'url':url}).count()>0 else False
75 |         #
76 |         return wooyun_drops_exsist
77 | 


--------------------------------------------------------------------------------
/scrapy/wooyun_drops/wooyun_drops/spiders/__init__.py:
--------------------------------------------------------------------------------
1 | # This package will contain the spiders of your Scrapy project
2 | #
3 | # Please refer to the documentation for information on how to create and manage
4 | # your spiders.
5 | 


--------------------------------------------------------------------------------
/search.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/search.png


--------------------------------------------------------------------------------
/search_final.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/search_final.png


--------------------------------------------------------------------------------
/tornado/app.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #-*- coding: utf-8 -*-
  3 | import os
  4 | import math
  5 | import re
  6 | import time
  7 | import urllib2
  8 | import pymongo
  9 | import tornado.ioloop
 10 | import tornado.web
 11 | # setting:
 12 | MONGODB_SERVER = 'localhost'
 13 | MONGODB_PORT = 27017
 14 | MONGODB_DB = 'wooyun'
 15 | MONGODB_COLLECTION_BUGS = 'wooyun_list'
 16 | MONGODB_COLLECTION_DROPS = 'wooyun_drops'
 17 | ROWS_PER_PAGE = 20
 18 | ELASTICSEARCH_HOST = 'localhost:9200'
 19 | #ELASTICSEARCH CHOOSE
 20 | #   auto:   auto detect elasticsearch ,if opened then use elasticsearch,else use mongodb
 21 | #   yes:    always use elasticsearch
 22 | #   no:     not use elasticsearch    
 23 | SEARCH_BY_ES = 'auto'
 24 | # monogodb connection string
 25 | connection_string = "mongodb://%s:%d" % (MONGODB_SERVER, MONGODB_PORT)
 26 | content = {'by_bugs':
 27 |            {'mongodb_collection': MONGODB_COLLECTION_BUGS, 'template_html': 'search_bugs.html'},
 28 |            'by_drops':
 29 |            {'mongodb_collection': MONGODB_COLLECTION_DROPS, 'template_html': 'search_drops.html'},
 30 |            }
 31 | 
 32 | def get_wooyun_total_count():
 33 |     client = pymongo.MongoClient(connection_string)
 34 |     db = client[MONGODB_DB]
 35 |     collection_bugs = db[MONGODB_COLLECTION_BUGS]
 36 |     total_count_bugs = collection_bugs.find().count()
 37 |     collection_drops = db[MONGODB_COLLECTION_DROPS]
 38 |     total_count_drops = collection_drops.find().count()
 39 |     client.close()
 40 | 
 41 |     return (total_count_bugs, total_count_drops)
 42 | 
 43 | def get_search_regex(keywords, search_by_html):
 44 |     keywords_regex = {}
 45 |     kws = [ks for ks in keywords.strip().split(' ') if ks != '']
 46 |     field_name = 'html' if search_by_html else 'title'
 47 |     if len(kws) > 0:
 48 |         reg_pattern = re.compile('|'.join(kws), re.IGNORECASE)
 49 |         # keywords_regex[field_name]={'$regex':'|'.join(kws)}
 50 |         keywords_regex[field_name] = reg_pattern
 51 | 
 52 |     return keywords_regex
 53 | 
 54 | 
 55 | def search_mongodb(keywords, page, content_search_by, search_by_html):
 56 |     client = pymongo.MongoClient(connection_string)
 57 |     db = client[MONGODB_DB]
 58 |     keywords_regex = get_search_regex(keywords, search_by_html)
 59 |     collection = db[content[content_search_by]['mongodb_collection']]
 60 |     # get the total count and page:
 61 |     total_rows = collection.find(keywords_regex).count()
 62 |     total_page = int(
 63 |         math.ceil(total_rows / (ROWS_PER_PAGE * 1.0)))
 64 |     page_info = {'current': page, 'total': total_page,
 65 |                  'total_rows': total_rows, 'rows': []}
 66 |     # get the page rows
 67 |     if total_page > 0 and page <= total_page:
 68 |         row_start = (page - 1) * ROWS_PER_PAGE
 69 |         cursors = collection.find(keywords_regex)\
 70 |             .sort('datetime', pymongo.DESCENDING).skip(row_start).limit(ROWS_PER_PAGE)
 71 |         for c in cursors:
 72 |             c['datetime'] = c['datetime'].strftime('%Y-%m-%d')
 73 |             if 'url' in c:
 74 |                 urlsep = c['url'].split('//')[1].split('/')
 75 |                 c['url_local'] = '%s-%s.html' % (urlsep[1], urlsep[2])
 76 |             page_info['rows'].append(c)
 77 |     client.close()
 78 |     #
 79 |     return page_info
 80 | 
 81 | def search_mongodb_by_es(keywords, page, content_search_by, search_by_html):
 82 |     from elasticsearch import Elasticsearch
 83 | 
 84 |     field_name = 'html' if search_by_html else 'title'
 85 |     page_info = {'current': page, 'total': 0,
 86 |                  'total_rows': 0, 'rows': []}
 87 |     # get the page rows
 88 |     if page >= 1 :
 89 |         row_start = (page - 1) * ROWS_PER_PAGE
 90 |         es = Elasticsearch([ELASTICSEARCH_HOST])
 91 |         if keywords.strip() == '':
 92 |             query_dsl = {
 93 |                 "query":    {
 94 |                     "filtered": {
 95 |                         "query":    {   
 96 |                             "match_all":{ }
 97 |                         }
 98 |                     }
 99 |                 },
100 |                 "sort": {"datetime":   {   "order":    "desc"  }},
101 |                 "from": row_start,
102 |                 "size": ROWS_PER_PAGE
103 |             }
104 |         else:   
105 |             query_dsl = {
106 |                 "query":    {
107 |                     "filtered": {
108 |                         "query":    {   
109 |                             "match":    { 
110 |                                 field_name : {
111 |                                     'query':keywords,
112 |                                     'operator':'and'
113 |                                 }
114 |                             }
115 |                         }
116 |                     }
117 |                 },
118 |                 "sort": {"datetime":   {   "order":    "desc"  }},
119 |                 "from": row_start,
120 |                 "size": ROWS_PER_PAGE
121 |             }
122 |         res = es.search(body=query_dsl,index=MONGODB_DB,doc_type=content[content_search_by]['mongodb_collection'])
123 |         #get total rows and pages
124 |         page_info['total_rows'] = res['hits']['total']
125 |         page_info['total'] = int(math.ceil(page_info['total_rows'] / (ROWS_PER_PAGE * 1.0)))
126 |         #get everyone row set
127 |         for doc in res['hits']['hits']:
128 |             c = doc['_source']
129 |             c['datetime'] = time.strftime('%Y-%m-%d',time.strptime(c['datetime'],'%Y-%m-%dT%H:%M:%S'))
130 |             if 'url' in c:
131 |                     urlsep = c['url'].split('//')[1].split('/')
132 |                     c['url_local'] = '%s-%s.html' % (urlsep[1], urlsep[2])
133 |             page_info['rows'].append(c)
134 |     
135 |     return page_info
136 | 
137 | def check_elastichsearch_open():
138 |     try:
139 |         html = urllib2.urlopen('http://%s' % ELASTICSEARCH_HOST).read()
140 |         if len(html) > 0:
141 |             return True
142 |         else:
143 |             return False
144 |     except:
145 |         return False
146 | 
147 |         
148 | class IndexHandler(tornado.web.RequestHandler):
149 |     def get(self):
150 |         total_count_bugs, total_count_drops = get_wooyun_total_count()
151 |         #
152 |         self.render('index.html', total_count_bugs=total_count_bugs, total_count_drops=total_count_drops, title=u'乌云公开漏洞、知识库搜索')
153 | 
154 | 
155 | class SearchHandler(tornado.web.RequestHandler):
156 |     def get(self):
157 |         keywords = self.get_argument('keywords')
158 |         page = int(self.get_argument('page', 1))
159 |         search_by_html = True if 'true' == self.get_argument(
160 |             'search_by_html', 'false').lower() else False
161 |         content_search_by = self.get_argument('content_search_by', 'by_bugs')
162 |         if page < 1:
163 |             page = 1
164 |         #search by elasticsearch or mongo
165 |         if SEARCH_BY_ES == 'yes' or ( SEARCH_BY_ES == 'auto' and check_elastichsearch_open() is True ):
166 |             page_info = search_mongodb_by_es(keywords, page, content_search_by, search_by_html)
167 |         else:
168 |             page_info = search_mongodb(keywords, page, content_search_by, search_by_html)
169 |         #
170 |         self.render(content[content_search_by]['template_html'], keywords=keywords, page_info=page_info, search_by_html=search_by_html, title=u'搜索结果-乌云公开漏洞、知识库搜索')
171 | 
172 | 
173 | class Application(tornado.web.Application):
174 |     def __init__(self):
175 |         handlers = [
176 |             (r"/", IndexHandler),
177 |             (r"/search", SearchHandler)
178 |         ]
179 |         settings = dict(
180 |             static_path= os.path.join(os.path.dirname(__file__), "../flask/static"),
181 |             template_path=os.path.join(os.path.dirname(__file__), "templates"),
182 |         )
183 |         tornado.web.Application.__init__(self, handlers, **settings)
184 | 
185 | def main():
186 |     port = 5000
187 |     application = Application()
188 |     application.listen(port)
189 | 
190 |     print('Listen on http://localhost:{0}'.format(port))
191 |     tornado.ioloop.IOLoop.instance().start()
192 | 
193 | if __name__ == "__main__":
194 |     main()
195 | 


--------------------------------------------------------------------------------
/tornado/templates/base.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="zh-CN">
 3 | <head>
 4 |     <meta charset="utf-8">
 5 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
 6 |     <meta name="viewport" content="width=device-width, initial-scale=1">
 7 |     <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
 8 |     <meta name="description" content="wooyun public">
 9 |     <meta name="author" content="hanc00l">
10 |     <title>{{title}}</title>
11 |     <!-- 新 Bootstrap 核心 CSS 文件 -->
12 |     <link rel="stylesheet" href="static/bugs/bootstrap/css/bootstrap.min.css">
13 |     <!-- 可选的Bootstrap主题文件（一般不用引入） -->
14 |     <link rel="stylesheet" href="static/bugs/bootstrap/css/bootstrap-theme.min.css">
15 |     <!-- jQuery文件。务必在bootstrap.min.js 之前引入 -->
16 |     <script src="static/bugs/js/jquery-1.11.3.min.js"></script>
17 |     <!-- 最新的 Bootstrap 核心 JavaScript 文件 -->
18 |     <script src="static/bugs/bootstrap/js/bootstrap.min.js"></script>
19 | </head>
20 | <body>
21 | <nav class="navbar navbar-inverse navbar-fixed-top">
22 |     <div class="container">
23 |         <div class="navbar-header">
24 |             <a class="navbar-brand" href="#">search for wooyun.org</a>
25 |         </div>
26 |         <div class="navbar-collapse collapse" role="navigation">           
27 |             <ul class="nav navbar-nav navbar-right">
28 |                 <li class="active"><a href="/">Home</a></li>
29 |                 <li><a href="#about">About</a></li>
30 |                 <li><a href="#contact">Contact</a></li>
31 |             </ul>
32 |         </div> <!-- navbar-collapse -->
33 |     </div> <!--/.container-->
34 | </nav><!--navbar -->
35 | 
36 | <hr>
37 | {% block content %}{% end %}
38 | 
39 | <footer class="footer">
40 |   <div class="container">
41 |     <div class="row footer-bottom">
42 |       <ul class="list-inline text-center">
43 |         <li>公开漏洞和知识库信息来自于<a href="http://www.wooyun.org/" target="_blank">wooyun.org</a></li>
44 |       </ul>
45 |     </div>
46 |   </div>
47 | </footer>
48 | </body>
49 | </html>
50 | 


--------------------------------------------------------------------------------
/tornado/templates/index.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | {% block content %}
 3 | 
 4 | <div class="jumbotron masthead">
 5 |     <div class="row">
 6 |         <div class="col-sm-8  col-xs-12 col-sm-offset-2">
 7 |             <h2 class="text-center">乌云公开漏洞、知识库搜索&nbsp;&nbsp;<small><small>漏洞/文章数：{{total_count_bugs}}/{{total_count_drops}}</small></small></h2>
 8 |             <form class="form-horizontal" action="/search" method="get" name="login">
 9 |                 <div class="input-group">
10 |                     <input type="text" class="form-control " id="keywords" name="keywords" placeholder="输入搜索关键词……">
11 |                     <span class="input-group-btn">
12 |                     <button class="btn btn-default btn-primary" type="submit"><span class="glyphicon glyphicon-search"></button>
13 |                   </span>
14 |                 </div><!-- /input-group -->
15 |                 <br/>
16 |                 <div class="form-group">
17 |                   <div class="col-sm-8  col-sm-6">
18 |                     <div class="radio-inline">
19 |                           <label>
20 |                             <input type="radio" name="content_search_by" id="by_bugs" value="by_bugs" checked>乌云公开漏洞
21 |                           </label>
22 |                         </div>
23 |                         <div class="radio-inline">
24 |                           <label>
25 |                             <input type="radio" name="content_search_by" id="by_drops" value="by_drops">
26 |                             乌云知识库
27 |                           </label>
28 |                         </div>
29 |                     </div>
30 | 				  <div class="col-sm-4 col-xs-6">
31 | 						<div class="checkbox">
32 | 					    	<label>
33 | 					      		<input type="checkbox" name="search_by_html" value="true"> 全文搜索
34 | 					    	</label>
35 | 					  	</div>
36 | 				  </div>
37 | 			    </div>
38 |             </form>
39 |         </div>
40 |     </div>
41 | </div>
42 | 
43 | <div class="container projects">
44 | </div>
45 | 
46 | {% end %}
47 | 


--------------------------------------------------------------------------------
/tornado/templates/search_bugs.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | {% block content %}
 3 | 	<div class="row">
 4 | 	  <div class="col-md-1"></div>
 5 | 	  <div class="col-md-10">
 6 | 		  <div>
 7 | 	  		<h2>关键字【{{keywords}}】的搜索结果<small>共{{page_info['total_rows']}}记录</small></h2>
 8 | 			  	<table class="table table-striped">
 9 | 			  	<tr>
10 | 			  		<th width="10%">提交时间</th>
11 | 			  		<th>标题</th>
12 | 			  		<th width="15%">漏洞类型</th>
13 | 			  		<th width="10%">提交者</th>
14 | 			  	</tr>
15 | 			  	{% for row in page_info['rows'] %}
16 | 			  	<tr>
17 | 			  		<td>{{row['datetime']}}</td>
18 | 			  		<td><a href="static/bugs/{{row['wooyun_id']}}.html" target="_blank">
19 | 			  			{{row['title']}}</a></td>
20 | 			  		<td><a href="http://www.wooyun.org/bugs/{{row['wooyun_id']}}" target="_blank">{{row['bug_type']}}</a></td>
21 | 			  		<td>{{row['author']}}</td>
22 | 			  	</tr>
23 | 			  	{% end %}
24 | 				</table>
25 | 				<!-- 分页组件js -->
26 | 				<script src="static/bugs/js/jquery.twbsPagination.js"></script>
27 | 				<ul id="pagination" class="pagination-sm"></ul>
28 | 				<script >
29 | 					 $(pagination).twbsPagination({
30 | 					 	first: "首页",
31 | 					 	prev: "前一页",
32 | 					 	next: "后一页",
33 | 					 	last: "尾页",
34 | 				        totalPages: {{page_info['total']}},
35 | 				        visiblePages: 5,
36 | 				        startPage: {{page_info['current']}},
37 | 				        onPageClick: function (event, page) {
38 | 				            location.href="/search?keywords={{keywords}}&&content_search_by=by_bugs&&search_by_html={{search_by_html}}&&page="+page;
39 | 				        }
40 | 				    });
41 | 				</script>
42 | 			</div>
43 | 	 	</div>
44 | 	  <div class="col-md-1"></div>
45 | 	</div>
46 | {% end %}


--------------------------------------------------------------------------------
/tornado/templates/search_drops.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | {% block content %}
 3 | 	<div class="row">
 4 | 	  <div class="col-md-1"></div>
 5 | 	  <div class="col-md-10">
 6 | 		  <div>
 7 | 	  		<h2>关键字【{{keywords}}】的搜索结果<small>共{{page_info['total_rows']}}记录</small></h2>
 8 | 			  	<table class="table table-striped">
 9 | 			  	<tr>
10 | 			  		<th width="10%">发表时间</th>
11 | 			  		<th>标题</th>
12 | 			  		<th width="10%">文章类型</th>
13 | 			  		<th width="15%">作者</th>
14 | 			  	</tr>
15 | 			  	{% for row in page_info['rows'] %}
16 | 			  	<tr>
17 | 			  		<td>{{row['datetime']}}</td>
18 | 			  		<td><a href="static/drops/{{row['url_local']}}" target="_blank">
19 | 			  			{{row['title']}}</a></td>
20 | 			  		<td><a href="{{row['url']}}" target="_blank">{{row['category']}}</a></td>
21 | 
22 | 			  		<td>{{row['author']}}</td>
23 | 			  	</tr>
24 | 			  	{% end %}
25 | 				</table>
26 | 				<!-- 分页组件js -->
27 | 				<script src="static/bugs/js/jquery.twbsPagination.js"></script>
28 | 				<ul id="pagination" class="pagination-sm"></ul>
29 | 				<script >
30 | 					 $(pagination).twbsPagination({
31 | 					 	first: "首页",
32 | 					 	prev: "前一页",
33 | 					 	next: "后一页",
34 | 					 	last: "尾页",
35 | 				        totalPages: {{page_info['total']}},
36 | 				        visiblePages: 5,
37 | 				        startPage: {{page_info['current']}},
38 | 				        onPageClick: function (event, page) {
39 | 				            location.href="/search?keywords={{keywords}}&&content_search_by=by_drops&&search_by_html={{search_by_html}}&&page="+page;
40 | 				        }
41 | 				    });
42 | 				</script>
43 | 			</div>
44 | 	 	</div>
45 | 	  <div class="col-md-1"></div>
46 | 	</div>
47 | {% end %}


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | mongod --config /usr/local/etc/mongod.conf &
 4 | 
 5 | cd scrapy/wooyun
 6 | scrapy crawl wooyun -a page_max=100
 7 | 
 8 | cd ../wooyun_drops
 9 | scrapy crawl wooyun -a page_max=10
10 | 
11 | cd ../../flask
12 | ./app.py
13 | 


--------------------------------------------------------------------------------
/wooyun_final/404.php:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE HTML>
 2 | <html>
 3 | <head>
 4 | <meta charset="UTF-8" />
 5 | <meta name="robots" content="none" />
 6 | <title>404 Not Found</title>
 7 | <style>
 8 | *{font-family:"Microsoft Yahei";margin:0;font-weight:lighter;text-decoration:none;text-align:center;line-height:2.2em;}
 9 | html,body{height:100%;}
10 | h1{font-size:100px;line-height:1em;}
11 | table{width:100%;height:100%;border:0;}
12 | </style>
13 | </head>
14 | <body>
15 | <table cellspacing="0" cellpadding="0">
16 | <tr>
17 | <td>
18 | <table cellspacing="0" cellpadding="0">
19 | <tr>
20 | <td>
21 | <h3>客官不要。。呃。。呃。。呃呃呃。。。。</h3>
22 | <p><img src=http://www.loner.fm/20160526091107.jpg width="30%" height="30%"/></p>
23 | </td>
24 | </tr>
25 | </table>
26 | </td>
27 | </tr>
28 | </table>
29 | </body>
30 | </html>


--------------------------------------------------------------------------------
/wooyun_final/bug_detail.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | require('conn.php');
  3 | include "comment.class.php";
  4 | @$chk_count = mysql_fetch_array($chk_count0);
  5 | @$wybug_id0=isset($_GET['wybug_id'])?$_GET['wybug_id']:'WooYun-2016-222083';
  6 | //@$wybug_id = str_replace("'","",$wybug_id0);
  7 | @$wybug_id=addslashes($wybug_id0);
  8 | @$bugs = mysql_query("select * from bugs where wybug_id='".$wybug_id."'");
  9 | @$bug_detail=mysql_fetch_array($bugs);
 10 | ?>
 11 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 12 | <html xmlns="http://www.w3.org/1999/xhtml">
 13 | <head>
 14 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 15 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 16 | <title> <?php echo $bug_detail['wybug_title'].' | '.$bug_detail['wybug_id'];?>| WooYun.org </title>
 17 | <meta name="author" content="80sec"/>
 18 | <meta name="copyright" content="http://www.wooyun.org/"/>
 19 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 20 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 21 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 22 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 23 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 24 | <script type="text/javascript" src="jquery.min.js"></script>
 25 | <script type="text/javascript" src="script.js"></script>
 26 | </head>
 27 | <body id="bugDetail">
 28 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 29 | <script type="text/javascript">
 30 | $(document).ready(function(){
 31 | 
 32 | 	if ( $("#__cz_push_d_object_box__") ) {
 33 | 		$("script[src^='']").attr("src"," ").remove();
 34 | 		$("#__cz_push_d_object_box__").empty().remove();
 35 | 		$("a[id^='__czUnion_a']").attr("href","#").remove();
 36 | 	}
 37 | 
 38 | 	if ( $("#ooDiv") ) {
 39 | 		$("#ooDiv").empty().parent("div").remove();
 40 | 	}
 41 | 
 42 | 	$("#myBugListTab").toggle(
 43 | 		function(){
 44 | 			$("#myBugList").css("display","block");
 45 | 		},
 46 | 		function(){
 47 | 			$("#myBugList").css("display","none");
 48 | 		}
 49 | 	);
 50 | 
 51 | 	if ( $(window).scrollTop() > 120 ) {
 52 | 		$("#back-to-top").fadeIn(300);
 53 | 	} else {
 54 | 		$("#back-to-top").fadeOut(300);
 55 | 	} 
 56 | 
 57 | 	$(window).scroll(function(){
 58 | 		if ( $(window).scrollTop() > 120 ) {
 59 | 			$("#back-to-top").fadeIn(300);
 60 | 		} else {
 61 | 			$("#back-to-top").fadeOut(300);
 62 | 		} 
 63 | 	});
 64 | 
 65 | 	$("#back-to-top a").click(function() {
 66 | 		$('body,html').animate({scrollTop:0},300);
 67 | 		return false;
 68 | 	});
 69 | 
 70 | 	$("#go-to-comment a").click(function() {
 71 | 		var t = $("#replys").offset().top - 52;
 72 | 		$('body,html').animate({scrollTop:t},300);
 73 | 		return false;
 74 | 	});
 75 | 
 76 | });
 77 | 
 78 | function gofeedback(){
 79 | 	var bugid=$("#fbid").val();
 80 | 	if(bugid){
 81 | 		var url="/feedback.php?wybug_id=" + "<?php echo $bug_detail['wybug_id'];?>";
 82 | 	}else{
 83 | 		var url="/feedback.php"
 84 | 	}
 85 | 	window.open(url);
 86 | }
 87 | </script>
 88 | <div class="go-to-wrapper">
 89 | <ul class="go-to">
 90 | <li id="go-to-comment" title="转到评论"><a href="#">转到评论</a></li>
 91 | <li id="go-to-feedback" title="我要反馈"><a href="javascript:void(0)" onclick="gofeedback()">我要反馈</a></li>
 92 | <li id="back-to-top" title="回到顶部"><a href="#">回到顶部</a></li>
 93 | </ul>
 94 | </div>
 95 | <div class="banner">
 96 | <div class="logo">
 97 | <h1>WooYun.org</h1>
 98 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 99 | </div>
100 | <div class="wxewm">
101 | <a class="ewmthumb" href="javascript:void(0)"><span><img src="picture/ewm.jpg"width="220" border="0"></span><img src="picture/weixin_30.png"width="22" border="0"></a>
102 | 		</div>
103 | 		</div>
104 | 		
105 | 				<div class="login">
106 | 									<?php 				   if(isset($_SESSION['username'])){
107 | 					 if(@$chk_count['is_fromwooyun'] == 1){
108 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
109 | 					 }
110 | 					 else{
111 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
112 | 					 }
113 |                   }else{
114 | 					  echo '<a href="user.php">登录</a> | <a class="reg">注册</a>';
115 | 				  }
116 | 				?>
117 | 				</div>
118 | 				</div>
119 | 
120 | 	<div class="nav" id="nav_sc">
121 | 				<ul>
122 | 			<li><a href="index.php">首页</a></li>
123 | 			<li><a href="corps.php">厂商列表</a></li>
124 | 			<li><a href="whitehats.php">白帽子</a></li>
125 | 			<li><a>乌云榜</a></li> 
126 |             <li><a>团队</a></li>
127 |             <li><a href="bugs.php">漏洞列表</a></li>
128 | 			<li class="new"><a>提交漏洞</a></li>
129 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
130 | 			<li><a>公告</a></li>
131 | 		</ul>
132 |         <form action="searchbug.php" method="get" id="searchbox">
133 | 	    <input type="checkbox" name="detail" id="detail"> 搜索漏洞详情
134 |             <input type="text" name="q" id="search_input" />
135 |             <input type="submit" value="搜索" id="search_button" />
136 |         </form>
137 | 	</div>
138 | 
139 | 	<div class="bread" style="padding-top: 4px;">
140 | 		<div style="float:left">当前位置：<a href="index.php">WooYun</a> >> <a href="#">漏洞信息</a></div>
141 | 	</div>
142 | 
143 | <div class="content">
144 | <input type="hidden" id="token" style="display:none" value="" />
145 | 		<h2>漏洞概要
146 | 		<span style="margin:0 0 0 580px; float:right; position:absolute; font-size:14px; font-weight:normal">关注数(<span id="attention_num">24</span>)
147 | 		<span id="attend_action">
148 | 		<a class="btn" href="javascript:void(0)" onclick="AttendBug(222083)">关注此漏洞</a></span>
149 | 		</span></h2>
150 | 		<h3>缺陷编号：<a href="bug_detail.php?wybug_id=<?php echo $bug_detail['wybug_id'].'">'.$bug_detail['wybug_id'];?></a>
151 | 		<input id="fbid" type="hidden" value="222083"></h3>
152 | 		<h3 class='wybug_title'>漏洞标题：<?php echo $bug_detail['wybug_title'];?></h3>
153 | 		<h3 class='wybug_corp'>相关厂商：<a href="corp_detail.php?corp=<?php echo $bug_detail['wybug_corp'].'">'.$bug_detail['wybug_corp'];?></a></h3>
154 | 		<h3 class='wybug_author'>漏洞作者：	<a href="whitehat_detail.php?whitehat=<?php echo $bug_detail['wybug_author'].'">'.$bug_detail['wybug_author'];?></a></h3>
155 | 		<h3 class='wybug_date'>提交时间：<?php echo $bug_detail['wybug_date'];?></h3>
156 | 		<h3>修复时间：<?php echo $bug_detail['wybug_open_date'];?></h3>
157 | 		<h3 class='wybug_open_date'>公开时间：<?php echo $bug_detail['wybug_open_date'];?></h3>
158 | 		<h3 class='wybug_type'>漏洞类型：<?php echo $bug_detail['wybug_type'];?></h3>
159 | 		<h3 class='wybug_level'>危害等级：<?php echo $bug_detail['wybug_level'];?></h3>
160 | 		<h3>自评Rank：<?php echo $bug_detail['wybug_rank_0'];?></h3>
161 | 		<h3 class='wybug_status'>漏洞状态：<?php echo $bug_detail['wybug_status'];?></h3>
162 | 
163 | 		<h3>漏洞来源：		<a href="http://www.wooyun.org">http://www.wooyun.org</a>，如有疑问或需要帮助请联系 <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="28404d4458685f4747515d4606475a4f">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script></h3>
164 | 		<h3>Tags标签：
165 | 												<span class="tag"><a><?php echo "无";?></a></span>
166 | 								
167 | </h3>
168 | 		<h3>
169 | 		<!-- Baidu Button BEGIN -->
170 |         <div id="share">
171 |         	<div style="float:right; margin-right:100px;font-size:12px">
172 |             <span class="fav-num"><a id="collection_num">4</a>人收藏</span>
173 | 			<a style="text-decoration:none; font-size:12px" href="javascript:void(0)" class="fav-add btn-fav">收藏</a>
174 | <script type="text/javascript">
175 | var token="";
176 | var id="<?php echo $bug_detail['wybug_id'];?>";
177 | 
178 | $(".btn-fav").click(function(){ CollectBug(id,token); });
179 | 
180 | </script>
181 | 			</div>
182 |             <span style="float:left;">分享漏洞：</span>
183 |             <div id="bdshare" class="bdshare_b" style="line-height: 12px;"><img src="picture/type-button-5_1.jpg" />
184 |                 <a class="shareCount"></a>
185 |             </div>
186 |         </div>
187 |         <!-- Baidu Button END -->
188 |     	</h3>
189 | 		<hr align="center"/<?php echo str_replace('static.loner.fm',$_SERVER['SERVER_ADDR'],$bug_detail['wybug_detail']);?>
190 | 		<hr align="center"/<?php echo $bug_detail['wybug_reply'];?>
191 | 					
192 | 		
193 | <hr align="center" />
194 | <script type="text/javascript">
195 | var bugid="<?php echo $bug_detail['wybug_id'];?>";
196 | var bugRating="-3";
197 | var myRating="";
198 | var ratingCount="0";
199 | 
200 | 
201 | 
202 | function ShowBugRating(k){
203 | 	var ratingItems=$(".myrating span");
204 | 	$.each(ratingItems,function(i,n){
205 | 		var nk=parseInt($(n).attr("rel"));
206 | 		if(nk<=k){
207 | 			$(n).addClass("on");
208 | 		}else{
209 | 			$(n).removeClass("on");
210 | 		}
211 | 	});
212 | 	$(".myrating span").hover(
213 | 		function(){
214 | 			$("#ratingShow").html($(this).attr("data-title"));
215 | 		},
216 | 		function(){
217 | 			$("#ratingShow").html("");
218 | 		}
219 | 	);
220 | }
221 | $(document).ready(function(){
222 | 	if(myRating==""){
223 | 		var ratingItems=$(".myrating span");
224 | 		$(".myrating span").hover(
225 | 			function(){
226 | 				$(this).addClass("hover");
227 | 				var k=parseInt($(this).attr("rel"));
228 | 				$.each(ratingItems,function(i,n){
229 | 					var nk=parseInt($(n).attr("rel"));
230 | 					if(nk<k) $(n).addClass("on");
231 | 					if(nk>k) $(n).removeClass("on");
232 | 				});
233 | 				$("#ratingShow").html($(this).attr("data-title"));
234 | 			},
235 | 			function(){
236 | 				$(this).removeClass("hover");
237 | 				if($("#myRating").val()==""){
238 | 					$.each(ratingItems,function(i,n){
239 | 						$(n).removeClass("on");
240 | 					});
241 | 				}
242 | 				$("#ratingShow").html("");
243 | 			}
244 | 		);
245 | 
246 | 		$(".myrating span").click(function(){
247 | 			var rating=$(this).attr("rel");
248 | 			var k=parseInt($(this).attr("rel"));
249 | 			$.post("/ajaxdo.php?module=bugrating",{"id":bugid,"rating":rating,"token":$("#token").val()},function(re){
250 | 				//消除操作绑定
251 | 				$(".myrating span").unbind();
252 | 				re=parseInt(re);
253 | 				switch(re){
254 | 					case 1:
255 | 						$("#ratingShow").html(_LANGJS.RATING_SUCCESS);
256 | 						$("#ratingSpan").html(parseInt($("#ratingSpan").html())+1);
257 | 						$.each(ratingItems,function(i,n){
258 | 							var nk=parseInt($(n).attr("rel"));
259 | 							if(nk<=k){
260 | 								$(n).addClass("on");
261 | 							}else{
262 | 								$(n).removeClass("on");
263 | 							}
264 | 						});
265 | 						ShowBugRating(rating);
266 | 						break;
267 | 					case 2:
268 | 						$("#ratingShow").html(_LANGJS.LOGIN_FIRST);
269 | 						break;
270 | 					case 4:
271 | 						$("#ratingShow").html(_LANGJS.RATING_BUGS_DONE);
272 | 						break;
273 | 					case 6:
274 | 						$("#ratingShow").html(_LANGJS.RATING_BUGS_SELF);
275 | 						break;
276 | 					default:break;
277 | 				}
278 | 			});
279 | 		});
280 | 	}else{
281 | 		if(ratingCount>2){
282 | 			ShowBugRating(bugRating);
283 | 		}else{
284 | 			ShowBugRating(-3);
285 | 		}
286 | 	}
287 | });
288 | 
289 | </script>
290 | 
291 | 
292 | 	</div>
293 | 	<div id="footer">
294 |         <span class="copyright fleft">
295 |     		Copyright &copy; 2010 - 2016 <a href="#">loner.fm</a>, All Rights Reserved
296 |     		<a href="http://www.miibeian.gov.cn/">京ICP备1s04a3x28号-1</a>
297 |     	</span>
298 |         <span class="other fright">
299 |                         <a>行业观点</a>
300 |             · <a>法律顾问</a>
301 |             · <a href="contact.php">联系我们</a>
302 |             · <a href="help.php">帮助</a>
303 |             · <a href="about.php">关于</a>
304 | 			
305 | 			
306 |         </span>
307 |     </div>
308 | <?php mysql_close($conn); ?>
309 | 
310 | 
311 | 
312 | 
313 | 
314 | </body>
315 | 
316 | </html>
317 | 


--------------------------------------------------------------------------------
/wooyun_final/bugs.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | require('conn.php');
  3 | 
  4 | ?>
  5 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  6 | <html xmlns="http://www.w3.org/1999/xhtml">
  7 | <head>
  8 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  9 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 10 | <title> 漏洞列表 | 乌云网 | WooYun.org </title>
 11 | <meta name="author" content="80sec"/>
 12 | <meta name="copyright" content="http://www.wooyun.org/"/>
 13 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 14 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 15 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 16 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 17 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 18 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 19 | </head>
 20 | <body id="bugDetail">
 21 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 22 | 
 23 | <div class="banner">
 24 | <div class="logo">
 25 | <h1>WooYun.org</h1>
 26 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 27 | </div>
 28 | 
 29 | 		</div>
 30 | 		
 31 | 				<div class="login">
 32 | 									<?php 				   if(isset($_SESSION['username'])){
 33 | 					 if(@$chk_count['is_fromwooyun'] == 1){
 34 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 35 | 					 }
 36 | 					 else{
 37 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 38 | 					 }
 39 |                   }else{
 40 | 					  echo '<a href="../login.php">登录</a> | <a class="reg">注册</a>';
 41 | 				  }
 42 | 				?>
 43 | 				</div>
 44 | 				</div>
 45 | 
 46 | 	<div class="nav" id="nav_sc">
 47 | 				<ul>
 48 | 			<li><a href="index.php">首页</a></li>
 49 | 			<li><a href="corps.php">厂商列表</a></li>
 50 | 			<li><a href="whitehats.php">白帽子</a></li>
 51 | 			<li><a>乌云榜</a></li> 
 52 |             <li><a>团队</a></li>
 53 |             <li><a href="bugs.php">漏洞列表</a></li>
 54 | 			<li class="new"><a>提交漏洞</a></li>
 55 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 56 | 			<li><a>公告</a></li>
 57 | 		</ul>
 58 |         <form action="searchbug.php" method="get" id="searchbox">
 59 |             <input type="text" name="q" id="search_input" />
 60 |             <input type="submit" value="搜索" id="search_button" />
 61 |         </form>
 62 | 	</div>
 63 | 
 64 | 	<div class="bread" style="padding-top: 4px;">
 65 | 		<div style="float:left">当前位置：<a href="index.php">首页</a> >> <a href="bugs.php">漏洞列表</a></div>
 66 | 			</div>
 67 | <div class="content">
 68 | <div style="padding:0 0 695px 0;">
 69 | 
 70 | <input type="hidden" id="token" style="display:none" value="" />
 71 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">漏洞列表</h3>
 72 | 	   <!-- <div  style="width:98%;text-align:left;font-size:15px;padding:5px 0 5px 10px;"><p style="line-height:35px;background-color:#BEBEBE;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WooYun将一切对安全极为感兴趣，对事物运行的原理有着天生的好奇心，愿意将技术回归技术，愿意为其他朋友做出贡献的人定义为白帽子，你可以通过在WooYun注册提交漏洞来成为白帽子中的一员</p>
 73 | 		</div>-->
 74 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 75 | <input type="hidden" id="token" style="display:none" value="" />
 76 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 77 | <ul style="font-size:14px;list-style:none;line-height:20px;">
 78 | <li style="width:14.3%;height:20px;background-color:#C4C4C4;float:left" >提交日期</li>
 79 | <li style="width:60%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.2%" >漏洞名称</li> 
 80 | <li style="width:15%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.2%" >作者</li> 
 81 | <li style="width:10%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.3%" >漏洞等级</li> 
 82 | </ul>
 83 | <?php    @$num = "30"; //每页显示30条
 84 | 		@$page=isset($_GET['page'])?intval($_GET['page']):1;				
 85 | 		@$total="88821"; //查询数据的总数total
 86 |         @$pagenum=ceil($total/$num);
 87 | 		if($page>$pagenum || $page == 0){
 88 |            exit;
 89 |         } 
 90 |   @$offset=($page-1)*$num;
 91 |   @$result_bugs = mysql_query("select * from bugs order by wybug_date desc limit $offset,30");
 92 |   while(@$row = mysql_fetch_array(@$result_bugs)){
 93 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
 94 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['wybug_date'].'</li>';
 95 | 	 echo '<li  style="width:60%;height:25px;background-color:#FFFFFF;float:left" ><a href="bug_detail.php?wybug_id='.@$row['wybug_id'].'">'.@$row['wybug_title'].'</a></li>';
 96 | 	  echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" ><a href="whitehat_detail.php?whitehat='.@$row['wybug_author'].'">'.@$row['wybug_author'].'</a></li>';
 97 | 	 echo '<li  style="width:10%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['wybug_level'].'</li>';
 98 | 	 echo '</ul>';
 99 |  }
100 | 
101 | ?>
102 | 
103 | </div>
104 | <!--显示分页-start-->
105 | <div  style="float:right;padding:10px 30px 0 0"><?php 
106 | @$page = $_GET['page']?$_GET['page']:1;//当前页数，默认是1
107 | if($page==1){
108 | 	$prepage=1;
109 | }else{
110 | 	$prepage=@$page-1;
111 | }
112 | if($page==@$pagenum){
113 | 	$nextpage=@$pagenum;
114 | }else{
115 | 	$nextpage=@$page+1;
116 | }
117 | echo '<center> 共 88821 条记录';
118 | echo '，2961 页 ';
119 | echo '<a href="bugs.php?page=1">首页</a>|';
120 | echo '<a href="bugs.php?page='.@$prepage.'">上一页</a>|';
121 | echo '<a href="bugs.php?page='.@$nextpage.'">下一页</a>|';
122 | echo '<a href="bugs.php?page='.@$pagenum.'">末页</a></center>';
123 | ?>
124 | </div>
125 | <!--显示分页-end-->
126 | 
127 | 
128 | </div>
129 | <!--content-end-->
130 | </div>
131 | 	<div style="padding:110px 0 0 0;">
132 |         <span class="copyright fleft">
133 |     		Copyright &copy; 2010 - 2016 <a href="#">loner.fm</a>, All Rights Reserved
134 |     		<a href="http://www.miibeian.gov.cn/">京ICP备1s0a411238号-1</a>
135 |     	</span>
136 |         <span class="other fright" style="padding:20px 0 0 0">
137 |                         <a>行业观点</a>
138 |             · <a>法律顾问</a>
139 |             · <a href="contact.php">联系我们</a>
140 |             · <a href="help.php">帮助</a>
141 |             · <a href="about.php">关于</a>
142 |         </span>
143 |     </div>
144 | <?php  mysql_close(@$conn);?>
145 | </body>
146 | </html>


--------------------------------------------------------------------------------
/wooyun_final/conn.php:
--------------------------------------------------------------------------------
1 | <?php 
2 | @$conn=mysql_connect("localhost","root","root") or die("error connecting") ;
3 | mysql_select_db("wooyun", $conn);
4 | mysql_query("SET NAMES 'UTF8'"); 						 
5 | ?>


--------------------------------------------------------------------------------
/wooyun_final/contact.php:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 2 | <html xmlns="http://www.w3.org/1999/xhtml">
 3 | <head>
 4 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 5 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 6 | <title> 用户登录 | 乌云网 | WooYun.org </title>
 7 | <meta name="author" content="80sec"/>
 8 | <meta name="copyright" content="http://www.wooyun.org/"/>
 9 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
10 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
11 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
12 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
13 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
14 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
15 | <script type="text/javascript" src="js/jquery_1.7.2_jquery.min.js"></script>
16 | </head>
17 | <body id="bugDetail">
18 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
19 | 
20 | <div class="banner">
21 | <div class="logo">
22 | <h1>WooYun.org</h1>
23 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
24 | </div>
25 | 
26 | 		</div>
27 | 		
28 | 				<div class="login">
29 | 					<a href="user.php">登录</a> | <a class="reg" href="reg.php">注册</a>
30 | 				</div>
31 | 				</div>
32 | 
33 | 	<div class="nav" id="nav_sc">
34 | 				<ul>
35 | 			<li><a href="index.php">首页</a></li>
36 | 			<li><a href="corps.php">厂商列表</a></li>
37 | 			<li><a href="whitehats.php">白帽子</a></li>
38 | 			<li><a>乌云榜</a></li> 
39 |             <li><a>团队</a></li>
40 |             <li><a href="bugs.php">漏洞列表</a></li>
41 | 			<li class="new"><a>提交漏洞</a></li>
42 | 			<li><a href="../index.php" target="_blank" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
43 | 			<li><a>公告</a></li>
44 | 		</ul>
45 |         <form action="searchbug.php" method="get" id="searchbox">
46 |             <input type="text" name="q" id="search_input" />
47 |             <input type="submit" value="搜索" id="search_button" />
48 |         </form>
49 | 	</div>
50 | 
51 | 	<div class="bread" style="padding-top: 4px;">
52 | 		<div style="float:left">当前位置：<a href="user.php">WooYun</a> >> <a>联系我们</a></div>
53 | 			</div>
54 | <div class="content">
55 | <div style="padding:0 0 0 75px;">
56 | 
57 | <input type="hidden" id="token" style="display:none" value="" />
58 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">联系我们</h3>
59 | 		<div  style="width:98%;text-align:left;font-size:15px;padding:5px 0 5px 10px;"><p style="line-height:35px;background-color:#BEBEBE;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;QQ群：470311432 </p>
60 | 		</div>
61 | 		
62 | </div>
63 | <!--content-end-->
64 | </div>
65 | 	<div id="footer">
66 |         <span class="copyright fleft">
67 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
68 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
69 | 
70 |     	</span>
71 |         <span class="other fright">
72 |                         <a>行业观点</a>
73 |             · <a>法律顾问</a>
74 |             · <a href="contact.php">联系我们</a>
75 |             · <a href="help.php">帮助</a>
76 |             · <a href="about.php">关于</a>
77 |         </span>
78 |     </div>
79 | </body>
80 | </html>


--------------------------------------------------------------------------------
/wooyun_final/corp_detail.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | 
  3 | 
  4 | 
  5 | require('conn.php');
  6 | 
  7 | 
  8 | @$wybug_corp0=isset($_GET['corp'])?$_GET['corp']:'cncert国家互联网应急中心';
  9 | @$wybug_corp = str_replace("'","",$wybug_corp0);
 10 | @$corp = mysql_query("select * from bugs where wybug_corp='".$wybug_corp."'");
 11 | @$bugs_corp = mysql_fetch_array($corp);
 12 | @$corp_authors = mysql_query("select * from bugs where wybug_corp='".$wybug_corp."' group by wybug_author order by wybug_rank_fromcorp desc");
 13 | ?>
 14 | 
 15 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 16 | <html xmlns="http://www.w3.org/1999/xhtml">
 17 | <head>
 18 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 19 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 20 | <title> <?php echo @$bugs_corp['wybug_corp'];?> | 乌云网 | WooYun.org </title>
 21 | <meta name="author" content="80sec"/>
 22 | <meta name="copyright" content="http://www.wooyun.org/"/>
 23 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 24 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 25 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 26 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 27 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 28 | 
 29 | <link href="css/whitehat_detail.css" rel="stylesheet" type="text/css"/>
 30 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 31 | </head>
 32 | <body id="bugDetail">
 33 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 34 | 
 35 | <div class="banner">
 36 | <div class="logo">
 37 | <h1>WooYun.org</h1>
 38 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 39 | </div>
 40 | 
 41 | 		</div>
 42 | 		
 43 | 				<div class="login">
 44 | 								<?php 				   if(isset($_SESSION['username'])){
 45 | 					 if(@$chk_count['is_fromwooyun'] == 1){
 46 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 47 | 					 }
 48 | 					 else{
 49 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 50 | 					 }
 51 |                   }else{
 52 | 					  echo '<a href="user.php">登录</a> | <a class="reg">注册</a>';
 53 | 				  }
 54 | 				?>
 55 | 				</div>
 56 | 				</div>
 57 | 
 58 | 	<div class="nav" id="nav_sc">
 59 | 				<ul>
 60 | 			<li><a href="index.php">首页</a></li>
 61 | 			<li><a href="corps.php">厂商列表</a></li>
 62 | 			<li><a href="whitehats.php">白帽子</a></li>
 63 | 			<li><a>乌云榜</a></li> 
 64 |             <li><a>团队</a></li>
 65 |             <li><a href="bugs.php">漏洞列表</a></li>
 66 | 			<li class="new"><a>提交漏洞</a></li>
 67 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 68 | 			<li><a>公告</a></li>
 69 | 		</ul>
 70 |         <form action="searchbug.php" method="get" id="searchbox">
 71 |             <input type="text" name="q" id="search_input" />
 72 |             <input type="submit" value="搜索" id="search_button" />
 73 |         </form>
 74 | 	</div>
 75 | 
 76 | 	<div class="bread" style="padding-top: 4px;">
 77 | 		<div style="float:left">当前位置：<a href="index.php">首页</a> >> <a href="whitehat_detail.php?whitehat=<?php echo @$whitehats['whitehat'];?>">厂商信息</a></div>
 78 | 			</div>
 79 | <div class="content">
 80 | <!--头像标签开始-->
 81 | <input type="hidden" id="token" style="display:none" value="" />
 82 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0"><a href="corp_detail.php?corp=<?php echo @$bugs_corp['wybug_corp'];?>" style="font-size:20px;color:#000000"><strong><?php echo $bugs_corp['wybug_corp']?></strong></a></h3>
 83 | 		<div  style="width:93%;text-align:center;font-size:15px;padding:5px 0 5px 35px;">
 84 | 		<p style="text-align:left;line-height:35px;background-color:#d0d0d0;padding:0 0 0 20px;">暂无描述</p>
 85 | 		<p style="text-align:left;line-height:35px;background-color:#FFFFFF;">主页:http://</p>
 86 | 		<p style="text-align:left;line-height:35px;background-color:#FFFFFF;">漏洞感谢:</p>
 87 | 		<p style="text-align:left;line-height:35px;background-color:#d0d0d0;padding:0 0 0 20px;">感谢 <?php while(@$row00 = mysql_fetch_array($corp_authors)){
 88 | 			echo '<a href="whitehat_detail.php?whitehat=';
 89 | 			echo @$row00['wybug_author'].'">'.@$row00['wybug_author'].'</a> ';
 90 | 			
 91 | 		}?>对 <?php echo $bugs_corp['wybug_corp'];?>   的信息安全做出的贡献</p>
 92 | 		</div>
 93 | 
 94 | <div style="padding:0 0 200px 0;background-color:#d0d0d0;">
 95 |  <ul class="tabs">
 96 | <li>
 97 | <input type="radio" name="tabs" id="tab1" checked />
 98 | <label for="tab1">漏洞列表</label>
 99 | <div id="tab-content1" class="tab-content">
100 | <p><ul style="font-size:14px;list-style:none;line-height:20px;">
101 | <li style="width:15%;height:20px;background-color:#C4C4C4;float:left" >提交日期</li>
102 | <li style="width:60%;height:20px;background-color:#C4C4C4;float:left" >漏洞名称</li> 
103 | <li style="width:15%;height:20px;background-color:#C4C4C4;float:left" >作者</li> 
104 | <li style="width:10%;height:20px;background-color:#C4C4C4;float:left" >漏洞等级</li> 
105 | </ul>
106 | <?php    $num = "15"; //每页显示30条
107 | 		@$page=isset($_GET['page'])?intval($_GET['page']):1;				
108 | 		@$total=mysql_num_rows($corp); //查询数据的总数total
109 |         @$pagenum=ceil($total/$num);
110 | 		if($page>$pagenum || $page == 0){
111 |            exit;
112 |         } 
113 |   $offset=($page-1)*$num;
114 |    @$result_corp22 = mysql_query("select * from bugs where wybug_corp='".$wybug_corp."' order by wybug_date desc limit $offset,15");
115 |   while(@$row22 = mysql_fetch_array($result_corp22)){
116 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
117 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.$row22['wybug_date'].'</li>';
118 | 	 echo '<li  style="width:60%;height:25px;background-color:#FFFFFF;float:left" ><a href="bug_detail.php?wybug_id='.$row22['wybug_id'].'">'.$row22['wybug_title'].'</a></li>';
119 | 	  echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" ><a href="whitehat_detail.php?whitehat='.$row22['wybug_author'].'">'.$row22['wybug_author'].'</a></li>';
120 | 	 echo '<li  style="width:10%;height:25px;background-color:#FFFFFF;float:left" >'.$row22['wybug_level'].'</li>';
121 | 	 echo '</ul>';
122 |  }
123 | 
124 | ?></p>
125 | <div  style="float:right;padding:10px 30px 0 0"><?php 
126 | @$page = $_GET['page']?$_GET['page']:1;//当前页数，默认是1
127 | if($page==1){
128 | 	$prepage=1;
129 | }else{
130 | 	$prepage=$page-1;
131 | }
132 | if($page==$pagenum){
133 | 	$nextpage=$pagenum;
134 | }else{
135 | 	$nextpage=$page+1;
136 | }
137 | echo '<center> 共 '.$total.' 条记录';
138 | echo '，'.$pagenum.' 页 ';
139 | echo '<a href="corp_detail.php?corp='.@$bugs_corp['wybug_corp'].'&page=1">首页</a>|';
140 | echo '<a href="corp_detail.php?corp='.@$bugs_corp['wybug_corp'].'&page='.@$prepage.'">上一页</a>|';
141 | echo '<a href="corp_detail.php?corp='.@$bugs_corp['wybug_corp'].'&page='.@$nextpage.'">下一页</a>|';
142 | echo '<a href="corp_detail.php?corp='.@$bugs_corp['wybug_corp'].'&page='.@$pagenum.'">末页</a></center>';
143 | ?>
144 | </div>
145 | 
146 | 
147 | </div>
148 | </li>
149 | 
150 | </ul>
151 | 			</div>
152 | 
153 | </div>
154 | 	<div id="footer" style="padding-top:320px;background-color:#E0E4E7">
155 |         <span class="copyright fleft">
156 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
157 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
158 |     	</span>
159 |         <span class="other fright" style="padding:0 0 0 0">
160 |                         <a href="impression">行业观点</a>
161 |             · <a href="lawer">法律顾问</a>
162 |             · <a href="contactus">联系我们</a>
163 |             · <a href="help">帮助</a>
164 |             · <a href="about">关于</a>
165 |         </span>
166 |     </div>
167 | <?php  mysql_close($conn);?>
168 | </body>
169 | </html>


--------------------------------------------------------------------------------
/wooyun_final/corps.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | 
  3 | 
  4 | require('conn.php');
  5 | 
  6 | 
  7 | ?>
  8 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  9 | <html xmlns="http://www.w3.org/1999/xhtml">
 10 | <head>
 11 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 12 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 13 | <title> 厂商列表 | 乌云网 | WooYun.org </title>
 14 | <meta name="author" content="80sec"/>
 15 | <meta name="copyright" content="http://www.wooyun.org/"/>
 16 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 17 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 18 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 19 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 20 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 21 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 22 | </head>
 23 | <body id="bugDetail">
 24 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 25 | 
 26 | <div class="banner">
 27 | <div class="logo">
 28 | <h1>WooYun.org</h1>
 29 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 30 | </div>
 31 | 
 32 | 		</div>
 33 | 		
 34 | 				<div class="login">
 35 | 								<?php 				   if(isset($_SESSION['username'])){
 36 | 					 if($chk_count['is_fromwooyun'] == 1){
 37 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 38 | 					 }
 39 | 					 else{
 40 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 41 | 					 }
 42 |                   }else{
 43 | 					  echo '<a href="user.php">登录</a> | <a class="reg">注册</a>';
 44 | 				  }
 45 | 				?>
 46 | 				</div>
 47 | 				</div>
 48 | 
 49 | 	<div class="nav" id="nav_sc">
 50 | 				<ul>
 51 | 			<li><a href="index.php">首页</a></li>
 52 | 			<li><a href="corps.php">厂商列表</a></li>
 53 | 			<li><a href="whitehats.php">白帽子</a></li>
 54 | 			<li><a>乌云榜</a></li> 
 55 |             <li><a>团队</a></li>
 56 |             <li><a href="bugs.php">漏洞列表</a></li>
 57 | 			<li class="new"><a>提交漏洞</a></li>
 58 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 59 | 			<li><a>公告</a></li>
 60 | 		</ul>
 61 |         <form action="searchbug.php" method="get" id="searchbox">
 62 |             <input type="text" name="q" id="search_input" />
 63 |             <input type="submit" value="搜索" id="search_button" />
 64 |         </form>
 65 | 	</div>
 66 | 
 67 | 	<div class="bread" style="padding-top: 4px;">
 68 | 		<div style="float:left">当前位置：<a href="index.php">WooYun</a> >> <a>厂商信息</a></div>
 69 | 			</div>
 70 | <div class="content">
 71 | <div style="padding:0 0 675px 0;">
 72 | 
 73 | <input type="hidden" id="token" style="display:none" value="" />
 74 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">厂商列表(30)</h3>
 75 | 		<div  style="width:98%;text-align:center;font-size:15px;padding:5px 0 5px 10px;"><p style="align:center;line-height:35px;background-color:#ABABAB;">WooYun关注所有有力量影响互联网，改变人们生活的企业各种层面上的安全问题，你可以在WooYun注册为厂商来关注和修复自己企业的安全问题</p>
 76 | 		</div>
 77 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 78 | 
 79 | <?php   @$result_data_desc = mysql_query("select wybug_date,wybug_corp,count(DISTINCT wybug_id) as count from bugs group by wybug_corp order by SUM(wybug_rank_fromcorp) desc limit 30");
 80 |   while(@$row = mysql_fetch_array(@$result_data_desc)){
 81 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
 82 | 	 echo '<li  style="width:20%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['wybug_date'].'</li>';
 83 | 	 echo '<li  style="width:60%;height:25px;background-color:#FFFFFF;float:left" ><a href="corp_detail.php?corp='.@$row['wybug_corp'].'">'.@$row['wybug_corp'].'</a></li>';
 84 | 	 echo '<li  style="width:20%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['count'].'</li>';
 85 | 	 echo '</ul>';
 86 |  }
 87 |  mysql_close(@$conn);
 88 | ?>
 89 | 
 90 | </div>
 91 | 
 92 | 
 93 | </div>
 94 | <!--content-end-->
 95 | </div>
 96 | 	<div id="footer">
 97 |         <span class="copyright fleft">
 98 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
 99 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
100 |     	</span>
101 |         <span class="other fright">
102 |                         <a href="impression">行业观点</a>
103 |             · <a href="lawer">法律顾问</a>
104 |             · <a href="contactus">联系我们</a>
105 |             · <a href="help">帮助</a>
106 |             · <a href="about">关于</a>
107 |         </span>
108 |     </div>
109 | </body>
110 | </html>


--------------------------------------------------------------------------------
/wooyun_final/css/index.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/css/index.css


--------------------------------------------------------------------------------
/wooyun_final/css/style.css:
--------------------------------------------------------------------------------
1 | *{margin:0;padding:0;}li{list-style:none;}img{border:none;}a{color:#002E8C;text-decoration:none;}a:hover{color:#F60;text-decoration:underline;}a.btn{border:#999 1px solid;background:#DDD;padding:3px 5px}table{border-spacing:0;border-collapse:collapse;}textarea{font-size:13px;}.fred{color:red;}.fbold{font-weight:bold;}.clear{clear:both;height:0;overflow:hidden}html,body{font:12px Verdana,"Microsoft YaHei",Helvetica,Arial,Sans-Serif;width:100%;height:100%;text-align:center;background:#E0E4E7 url("../images/bg.png") repeat-x top;}.banner,.login,.nav,.bread,.content,.support,#footer{width:1000px;margin:0 auto;text-align:left;background:#FFF;}.banner{height:100px;background:url("../images/topbg.png") repeat-x;position:relative;overflow:normal;z-index:99;clear:both}.banner h1{font-size:40px;height:100px;line-height:100px;text-indent:24px;}.logo{float:left;width:450px}.logo h1{float:left}.logo .weibo{float:left;margin-top:45px;padding-left:9px;height:24px;width:110px;line-height:24px;}.login{width:550px;height:22px;line-height:22px;text-align:right;float:right;}.login a.reg{margin-right:12px;}.remind{width:150px;float:right;background:#f0f0f0;border:#999 1px solid;padding:1px 0;margin:15px 13px 0 0;text-align:center}.nav{color:#B6B6B6;height:40px;line-height:40px;*line-height:42px;background:url("../images/navbg.png") repeat-x;overflow:hidden;position:relative;}.nav ul li{float:left;}.nav ul li a{float:left;color:#B6B6B6;text-decoration:none;background:url("../images/libg.gif") no-repeat right;padding:0 13px 0 12px;}.nav ul li a:hover{color:#FFF;}.nav p{float:right;height:24px;line-height:24px;text-align:right;padding:8px 12px;}.nav p input{float:right;height:22px;line-height:22px;border:1px solid #999;}.nav p a{float:right;display:block;width:29px;height:24px;margin-left:2px;}.bread{height:24px;line-height:24px;text-indent:12px;}.content{padding-top:10px;position:relative;z-index:2;}.content h3{font-size:14px;font-weight:normal;width:950px;text-indent:10px;margin:0 auto;padding-top:15px;word-break:break-all;word-wrap:break-word;}.content h3 a{font-weight:bold;}.content p.caption{width:936px;line-height:22px;text-indent:2em;border:1px solid #BBB;background:#D7D6DC;margin:10px auto 0;padding:6px;}.content p.corpCaption{display:none;}.content hr{color:#BBB;width:950px;height:0;border:none;border-top:1px solid #BBB;margin:10px auto 0;}.content h2{font-size:26px;width:950px;line-height:2em;margin:0 auto;}.content p.detail{font-size:13px;width:870px;line-height:25px;margin:0 auto;padding:5px 12px;word-break:break-all;word-wrap:break-word;}.content h5{font-size:14px;text-align:center;margin:10px auto 0;}.content h5 a{display:inline-block;height:32px;line-height:32px;text-decoration:none;border:1px solid #999;background:#DDD;padding:0 6px;margin:0 6px;}.corp{display:none;}.success{width:636px;height:122px;line-height:22px;text-align:center;border:1px solid #999;background:#DDD;margin:10px auto 0;padding:84px 6px 6px;}.classTable{width:950px;line-height:22px;border:none;margin:10px auto 0;}.classTable tbody tr th,.classTable tbody tr td{padding:0 6px;}.classTable tbody tr th{text-align:right;}.listTable{width:950px;line-height:22px;border:2px solid #FFF;margin:10px auto 0;}.listTable thead tr{background:#D7D6DC;}.listTable thead tr th{font-weight:normal;text-align:center;}.listTable tbody tr:hover{background-color:#ebebeb;}.listTable tr th,.listTable tr td{border:2px solid #FFF;padding:0 6px;white-space:nowrap;}.listTable tbody tr th{font-weight:normal;text-align:center;}.formTable{font-size:14px;width:950px;line-height:24px;border:none;margin:10px auto 0;}.formTable tbody tr th *,.formTable tbody tr td *{vertical-align:middle;}.formTable tbody tr th,.formTable tbody tr td{padding:3px 6px;white-space:nowrap;}.formTable tbody tr th{font-weight:normal;text-align:right;}.page{width:946px;text-align:right;margin:10px auto 0;padding:0 2px;}.page a{margin:0 5px;}.page a.current{font-weight:bold;text-decoration:underline;}.copyright{height:60px;line-height:60px;margin-left:30px;}.infoTab{width:750px;height:31px;border-bottom:1px solid #999;background:#DDD;margin:0 auto;position:relative;}.infoTab ul{width:726px;height:32px;padding:0 12px;position:absolute;bottom:-1px;right:0;}.infoTab ul li{float:right;height:24px;margin:7px 0 0 6px;padding:0 6px;}.infoTab ul li.current{border:1px solid #999;border-bottom:0;background:#FFF;}.infoTab ul li a{display:block;height:18px;line-height:18px;margin-top:3px;padding:0 6px 1px;*padding:1px 6px 0;*width:50px}.infoTab ul li a:hover{color:#FFF;text-decoration:none;background:#F60;}.infoTab ul li.current a:hover{color:#000;background:#FFF;cursor:default;}.infoContent{display:none;width:726px;margin:10px auto 0;padding:0 12px 10px;}.infoContent.block{display:block;}.infoContent .formTable{width:100%;}.infoContent .listTable{width:700px;}#list .listTable{margin-top:15px;}#userUpdate .content h2{width:750px;}#corpList .listTable{border:none;background:none;margin-top:15px;}#corpList .listTable tr th,#corpList .listTable tr td{border:none;padding:0 6px;white-space:nowrap;}#friends .classTable{width:900px;}#bugDetail .content h3{padding-top:5px;}#bugDetail .content h3.detailTitle{border-left:5px solid #999;margin-top:15px;}.remark{color:blue;display:none;font-size:12px;line-height:24px;}.error{color:red;font-size:12px;line-height:24px;margin-left:24px;}pre,code{font-family:Lucida Console,Courier New,Courier,mono,monospace;color:#333;background-color:#f8f8f8;}pre{border:1px #ccc solid;line-height:18px;overflow:auto;word-wrap:break-word;margin:0 auto;padding:4px 8px;width:852px;}.mainLeft{float:left;width:179px;border-right:1px dashed #333;padding:40px 10px 10px;}.mainLeft ul li{line-height:24px;list-style:square inside;}.mainRight{float:right;width:800px;}.infoLeftTab{width:947px;height:31px;border-bottom:1px solid #999;background:#DDD;margin:0 auto;margin-top:10px;position:relative;}.infoLeftTab ul{width:920px;height:32px;padding:0 12px;position:absolute;bottom:-1px;right:0;}.infoLeftTab ul li{float:left;height:24px;margin:7px 0 0 12px;padding:0 6px;}.infoLeftTab ul li.current{border:1px solid #999;border-bottom:0;background:#FFF;}.infoLeftTab ul li a{display:block;height:18px;line-height:18px;margin-top:3px;padding:0 6px 1px;*padding:1px 6px 0;*width:50px}.infoLeftTab ul li a:hover{color:#FFF;text-decoration:none;background:#F60;}.infoLeftTab ul li.current a:hover{color:#000;background:#FFF;cursor:default;}ul.corplist{margin:0;padding:0}ul.corplist li{float:left}ul.corplist li.current{border-bottom:#000 1px solid}span.small{margin-left:15px;font-size:12px;font-weight:normal}div.comment{margin:0 auto 15px auto;width:870px;text-align:left}dl.commentlist{width:650px}dl.commentlist dt{line-height:22px}dl.commentlist dt span.user{margin-left:15px}dl.commentlist dt span.user label{color:#555555;font-size:12px}dl.commentlist dd{line-height:25px;font-size:14px;padding:5px;word-wrap:break-word;border-bottom:1px dashed #ccc}.content .catrss{background:url("../images/catrss.png") no-repeat left;width:16px;height:11px;display:inline-block;margin-bottom:-1px;margin-left:5px;}.content .corprss{background:url("../images/corprss.png") no-repeat left;width:16px;height:16px;display:inline-block;margin-bottom:-4px;margin-left:5px;}.catrss:hover,.corprss:hover{text-decoration:none;}div.sms_content{width:600px;padding:10px 0 30px 0;word-wrap:break-word;word-break:break-all;table-layout:fixed;clear:both;white-space:-moz-pre-wrap;white-space:-hp-pre-wrap;white-space:-o-pre-wrap;white-space:-pre-wrap;white-space:pre;white-space:pre-wrap;white-space:pre-line}span.sms_time{font-size:12px;float:right;padding-right:20px}.fsize_13{font-size:13px}.csetip{margin:0 15px;font-size:14px}#searchbox{background:url("../images/search.png") no-repeat right;display:inline;float:right;height:24px;line-height:24px;padding:8px 0;margin:0 12px 0 0;}#search_input{height:22px;line-height:22px;width:151px;border:1px solid #999;}#search_button{background:none repeat scroll 0 0 transparent;border:medium none;cursor:pointer;width:29px;height:24px;text-indent:-1000px;}#share{height:24px;line-height:24px;font-size:14px;}.jobshare{margin:10px 0 0 65px;}.new{display:inline-block;background:url(../images/new.png) no-repeat 52px 3px;}.credit{height:16px;border:none;margin:0 0 -3px 5px;}.content .toctit{margin-bottom:5px;background:#eee;border-bottom:1px solid #999;padding:5px 0;margin-top:15px;}.content .toc{font-size:13px;line-height:25px;margin:0 auto;width:900px;margin-left:80px;}.content .toc li{list-style-type:decimal;}#help p,#about p,#lawer p{text-indent:2em;font-size:13px;line-height:25px;margin:0 auto;width:900px;word-wrap:break-word;}span.tag{text-align:center;margin-right:3px;padding:2px 5px;background:#E1E1E1}span.zonetag{font-size:12px;text-align:center;margin-right:4px;padding:3px 6px;background:#E1E1E1;border:#CCC 1px solid}.hot{width:932px;height:160px;border:1px solid #DDD;margin:0 auto;padding:0 8px 8px;overflow:hidden;position:relative;}.scrollContent{width:932px;position:absolute;top:0;left:8px;}.hotContent{width:932px;padding-bottom:8px;overflow:hidden;}.hot .listTable{float:left;width:522px;display:block;}.zoneIntro{float:right;width:376px;height:142px;line-height:1.5em;background:#EFEFEF;margin-top:6px;padding:6px 12px;}.zoneIntro h1{line-height:1.5em;font-size:18px;margin-bottom:5px;}.zoneIntro p{line-height:1.8em;text-indent:2em;}.zoneList{width:950px;height:22px;line-height:22px;margin:0 auto;padding-bottom:10px;}.zoneList li{float:left;display:block;margin-right:3px;}.zoneList li a{float:left;border:1px solid #DDD;background:#EEE;padding:0 6px;}.zoneList li a:hover{text-decoration:none;}.zoneList li.current a{color:#FFF;text-decoration:none;background:#F60;}.zoneList li.current a:hover{text-decoration:none;}.support{width:950px;border-top:1px solid #DDD;margin-top:12px;}.supportTable{border:none;margin-top:10px;}.supportTable tr th{font-size:15px;font-weight:bold;}.supportTable tr th,.supportTable tr td{padding:3px 6px;}.bugImg{min-width:200px;max-width:870px;width:auto;_width:600px;}.replys{margin:0 15px 15px 65px;}.replys .topic{width:100%;}.replylist .reply{border-bottom:1px solid #CCC;overflow:hidden;padding:15px 15px 0 15px;}.reply .description p{font-size:14px;margin-top:10px;}.replylist li{width:700px;}.fixed,.clear{clear:both;}.clearfix:after{content:".";display:block;clear:both;visibility:hidden;line-height:0;height:0;}.clearfix{display:inline-block;}.author-info .addtime,.replylist .addtime{font:12px Georgia,Verdana,Microsoft YaHei,Helvetica,Arial,Sans-Serif;color:#333;}.reply .reply-info{color:#999;}.reply .replylist-act{height:14px;float:right;padding-bottom:8px;}.reply .replylist-act .replyBtn{display:none;}.reply .replylist-act span.floor{display:block;float:right;margin-left:10px;color:#999}.paper-info h3{line-height:24px;padding:0;}.paper-toc{line-height:24px;margin-left:100px;}.paper-toc li{line-height:24px;}#paper{font-size:14px;}#paper .toc li{list-style:none;}#paper p{text-indent:2em;font-size:14px;line-height:25px;margin:0 auto;width:900px;word-wrap:break-word;}div.toc-sidebar{border:1px solid #ccc;background:none repeat scroll 0 0 #f8f8f8;float:right;position:fixed;top:4em;right:1em;z-index:1;border-radius:4px 4px 4px 4px;opacity:0.2;padding:3px;}div.toc-sidebar:hover{box-shadow:0 0 8px #666;opacity:1;}div.toc-sidebar ul{margin:0;padding:0 0 0 1em;}div.toc-sidebar>ul{padding:0;}div.toc-sidebar li{list-style-type:none;line-height:18px;overflow:hidden;margin:0;padding:0 0 0 18px;}.good_replys{background-color:#FFF;border:1px solid #999;width:730px;bottom:-100px;}.good_replys_title{font-size:20px;color:#FF6600;font-weight:bold;background:#EEEEEE;border-bottom:1px solid #999999;padding:5px 10px;}.good_replys_list{padding:0;}.good_replys_list .replylist{margin-bottom:-2px;}.content h5.rating{height:45px;margin:10px auto 0;width:320px;}.myrating{width:140px;}.myrating span{display:inline-block;width:21px;height:21px;background:url(../images/star-empty.png) center no-repeat;cursor:pointer}.myrating span.on{background:url(../images/star-new.png) center no-repeat}.myrating span.hover{background:url(../images/star-new-hover.png) center no-repeat}.ratingText,.myrating{float:left;}#ratingShow{width:350px;text-align:left;font-weight:normal;position:absolute;padding:0 0 0 18px}.ratingShow{text-align:left;font-weight:normal;position:absolute;padding:0 15px;background:#fff;text-indent:0}.likenums{margin-left:10px;color:red;}.likenum{position:relative;display:inline-block;top:0;height:14px;width:90px;vertical-align:-2px;_height:15px;}.likebox,.likepre,.likesuf{display:inline-block;height:16px;overflow-y:hidden;background:url(../images/likeicon.png);}.likebox{float:right;background-position:0 -19px;background-repeat:repeat-x;left:10px;}.likepre,.likesuf,.liketext{overflow:hidden;float:left;cursor:default;}.likepre{cursor:pointer;}.liketext{color:#2979A1;line-height:16px;font-size:11px;width:30px;text-align:center;}.liketext_min{width:35px;}.liketext_max{width:55px;}.likepre{width:20px;}.likesuf{width:3px;background-position:-32px 0;}#rating_wrap{font-size:10px;line-height:21px;height:110px;margin:3px auto 0;width:250px;}.starstop{float:left;background:url(../images/all_star.png);display:block;width:105px;height:21px;margin:0;}.stargray{float:left;background:url(../images/star_gray.png);display:block;width:105px;height:18px;margin:0;}.sub_ins .starstop{float:none;width:105px;display:inline;position:absolute;}.stars{display:inline-block;background:url(../images/all_star.png);width:105px;height:21px;margin:1px 0 0 7px;}.stars4{background-position:left 84px;}.stars3{background-position:left 63px;}.stars2{background-position:left 42px;}.stars1{background-position:left 21px;}.power{height:15px;float:left;background:#f5cbad;margin:3px 3px;}.itemcount{font-size:11px;}.btn-fav{border:1px solid #EDCEBA;border-radius:3px 3px 3px 3px;display:inline-block;height:19px;line-height:19px;margin-left:4px;overflow:hidden;padding:0 8px 0 20px;vertical-align:middle;}a.btn-fav:link,a.btn-fav:visited{background-color:#FFF6EE;border-color:#F2ECE7;color:#99776B;font-weight:normal}a.btn-fav:hover,a.btn-fav:active{background-color:#FFF0E2;border-color:#EDCEBA;color:#99776B;font-weight:normal}.fav-add,.fav-add:link,.fav-add:hover{background:url("../images/collect_like.png") no-repeat scroll 8px 3px transparent;}.fav-cancel,.fav-cancel:link,.fav-cancel:hover{background:url("../images/collect_like.png") no-repeat scroll 8px -17px transparent;}.fav-num{color:#666666;display:inline-block;}.fleft{float:left;}.fright{float:right;}#footer{height:60px;line-height:60px;padding-top:15px}.other{margin-right:30px;}.winlist{padding-left:15px}.winlist ul li{font-size:14px;line-height:25px}.winlist ul li span.date{margin-right:10px}.ewmthumb{position:relative;z-index:0;}.ewmthumb:hover{background-color:transparent;z-index:50;}.ewmthumb span{position:absolute;background-color:lightyellow;padding:1px;left:-1000px;border:0px dashed gray;visibility:hidden;color:black;text-decoration:none;}.ewmthumb span img{position:absolute;border-width:0;padding:2px;}.ewmthumb:hover span{visibility:visible;top:17px;left:-90px;}.wxewm{float:right;height:24px;line-height:24px;margin-top:45px;padding-left:1px;width:20px;}.go-to-wrapper{font-size:14px;width:1120px;height:98px;background:transparent;margin-left:-560px;position:fixed;left:50%;bottom:96px;z-index:1;}@media (max-width: 1119px) {.go-to-wrapper{width:auto;margin-left:0;padding-right:12px;left:auto;right:0;z-index:9999;}}@media (max-width: 767px) {.go-to-wrapper{display:none;}}.go-to{float:right;width:48px;}.go-to li{display:none;width:36px;height:36px;text-indent:-9999em;background:#a1acb5 url("../images/go-to.png") no-repeat;overflow:hidden;margin-top:2px;padding:6px;}.go-to li:hover{text-indent:0;background-image:none;}#go-to-comment{background-position:center top;margin-top:0;}#back-to-top{background-position:center -48px;}#bugDetail #go-to-comment{display:block;background-position:center top;}#go-to-feedback{display:block;background-position:center -96px;}.go-to li a{color:#fff;line-height:18px;}.go-to li a:hover{text-decoration:none;}.month-wrapper{width:948px;height:22px;overflow:hidden;margin:12px auto -22px;position:relative;z-index:1;}.month-list{width:9999999px;height:22px;line-height:22px;position:absolute;top:0;left:0;}.month-list li{color:#002E8C;float:left;width:118.5px;text-align:left;}.chart-list{width:926px;height:38px;background:url("../images/charts-bg.png") no-repeat 22px bottom;margin:0 auto;padding-left:22px;position:relative;z-index:2;}.chart-list li{float:left;width:121px;height:38px;margin-left:-2px;cursor:pointer;position:relative;}.chart-list li:first-child{margin-left:0;}.chart-list li.active{background:url("../images/month-bg.png") no-repeat left bottom;z-index:2;}.golden{color:#ff8400;font-weight:bold;text-shadow:0 0 3px rgba(241,184,0,1);}.fieldset{width:870px;border:1px solid #ccc;margin:0 auto;}.fieldset legend{font-weight:bold;padding:0 12px;margin-left:12px;}.fieldset pre{width:846px;border-width:0;overflow:hidden;padding:12px 12px;}.fieldset .fieldset{width:846px;}.fieldset .fieldset pre{width:822px;}.text-ellipsis{display:inline-block;width:678px;overflow:hidden;white-space:nowrap;-o-text-overflow:ellipsis;text-overflow:ellipsis;}.table-cell-sm{width:538px;}.table-cell-xs{width:413px;}div#__cz_push_c_object_box__,div#ooDiv,a[id^="__czUnion_a"]{display:none!important;z-index:-1!important;}


--------------------------------------------------------------------------------
/wooyun_final/css/style_1.css:
--------------------------------------------------------------------------------
1 | *{margin:0;padding:0;}li{list-style:none;}img{border:none;}a{color:#000079;text-decoration:none;}a:hover{color:#F60;text-decoration:underline;}a.btn{border:#999 1px solid;background:#DDD;padding:3px 5px}table{border-spacing:0;border-collapse:collapse;}textarea{font-size:13px;}.fred{color:red;}.fbold{font-weight:bold;}.clear{clear:both;height:0;overflow:hidden}html,body{font:12px Verdana,"Microsoft YaHei",Helvetica,Arial,Sans-Serif;width:100%;height:100%;text-align:center;background:#E0E4E7 url("../images/bg_1.png") repeat-x top;}.banner,.login,.nav,.bread,.content,.support,#footer{width:1000px;margin:0 auto;text-align:left;background:#FFF;}.banner{height:100px;background:url("../images/topbg_1.png") repeat-x;position:relative;overflow:normal;z-index:99;clear:both}.banner h1{font-size:40px;height:100px;line-height:100px;text-indent:24px;}.logo{float:left;width:450px}.logo h1{float:left}.logo .weibo{float:left;margin-top:45px;padding-left:9px;height:24px;width:110px;line-height:24px;}.login{width:550px;height:22px;line-height:22px;text-align:right;float:right;}.login a.reg{margin-right:12px;}.remind{width:150px;float:right;background:#f0f0f0;border:#999 1px solid;padding:1px 0;margin:15px 13px 0 0;text-align:center}.nav{color:#B6B6B6;height:40px;line-height:40px;*line-height:42px;background:url("../images/navbg_1.png") repeat-x;overflow:hidden;position:relative;}.nav ul li{float:left;}.nav ul li a{float:left;color:#B6B6B6;text-decoration:none;background:url("../images/libg_1.gif") no-repeat right;padding:0 13px 0 12px;}.nav ul li a:hover{color:#FFF;}.nav p{float:right;height:24px;line-height:24px;text-align:right;padding:8px 12px;}.nav p input{float:right;height:22px;line-height:22px;border:1px solid #999;}.nav p a{float:right;display:block;width:29px;height:24px;margin-left:2px;}.bread{height:24px;line-height:24px;text-indent:12px;}.content{padding-top:10px;position:relative;z-index:2;}.content h3{font-size:14px;font-weight:normal;width:950px;text-indent:10px;margin:0 auto;padding-top:15px;word-break:break-all;word-wrap:break-word;}.content h3 a{font-weight:bold;}.content p.caption{width:936px;line-height:22px;text-indent:2em;border:1px solid #BBB;background:#D7D6DC;margin:10px auto 0;padding:6px;}.content p.corpCaption{display:none;}.content hr{color:#BBB;width:950px;height:0;border:none;border-top:1px solid #BBB;margin:10px auto 0;}.content h2{font-size:26px;width:950px;line-height:2em;margin:0 auto;}.content p.detail{font-size:13px;width:870px;line-height:25px;margin:0 auto;padding:5px 12px;word-break:break-all;word-wrap:break-word;}.content h5{font-size:14px;text-align:center;margin:10px auto 0;}.content h5 a{display:inline-block;height:32px;line-height:32px;text-decoration:none;border:1px solid #999;background:#DDD;padding:0 6px;margin:0 6px;}.corp{display:none;}.success{width:636px;height:122px;line-height:22px;text-align:center;border:1px solid #999;background:#DDD;margin:10px auto 0;padding:84px 6px 6px;}.classTable{width:950px;line-height:22px;border:none;margin:10px auto 0;}.classTable tbody tr th,.classTable tbody tr td{padding:0 6px;}.classTable tbody tr th{text-align:right;}.listTable{width:950px;line-height:22px;border:2px solid #FFF;margin:10px auto 0;}.listTable thead tr{background:#D7D6DC;}.listTable thead tr th{font-weight:normal;text-align:center;}.listTable tbody tr:hover{background-color:#ebebeb;}.listTable tr th,.listTable tr td{border:2px solid #FFF;padding:0 6px;white-space:nowrap;}.listTable tbody tr th{font-weight:normal;text-align:center;}.formTable{font-size:14px;width:950px;line-height:24px;border:none;margin:10px auto 0;}.formTable tbody tr th *,.formTable tbody tr td *{vertical-align:middle;}.formTable tbody tr th,.formTable tbody tr td{padding:3px 6px;white-space:nowrap;}.formTable tbody tr th{font-weight:normal;text-align:right;}.page{width:946px;text-align:right;margin:10px auto 0;padding:0 2px;}.page a{margin:0 5px;}.page a.current{font-weight:bold;text-decoration:underline;}.copyright{height:60px;line-height:60px;margin-left:30px;}.infoTab{width:750px;height:31px;border-bottom:1px solid #999;background:#DDD;margin:0 auto;position:relative;}.infoTab ul{width:726px;height:32px;padding:0 12px;position:absolute;bottom:-1px;right:0;}.infoTab ul li{float:right;height:24px;margin:7px 0 0 6px;padding:0 6px;}.infoTab ul li.current{border:1px solid #999;border-bottom:0;background:#FFF;}.infoTab ul li a{display:block;height:18px;line-height:18px;margin-top:3px;padding:0 6px 1px;*padding:1px 6px 0;*width:50px}.infoTab ul li a:hover{color:#FFF;text-decoration:none;background:#F60;}.infoTab ul li.current a:hover{color:#000;background:#FFF;cursor:default;}.infoContent{display:none;width:726px;margin:10px auto 0;padding:0 12px 10px;}.infoContent.block{display:block;}.infoContent .formTable{width:100%;}.infoContent .listTable{width:700px;}#list .listTable{margin-top:15px;}#userUpdate .content h2{width:750px;}#corpList .listTable{border:none;background:none;margin-top:15px;}#corpList .listTable tr th,#corpList .listTable tr td{border:none;padding:0 6px;white-space:nowrap;}#friends .classTable{width:900px;}#bugDetail .content h3{padding-top:5px;}#bugDetail .content h3.detailTitle{border-left:5px solid #999;margin-top:15px;}.remark{color:blue;display:none;font-size:12px;line-height:24px;}.error{color:red;font-size:12px;line-height:24px;margin-left:24px;}pre,code{font-family:Lucida Console,Courier New,Courier,mono,monospace;color:#333;background-color:#f8f8f8;}pre{border:1px #ccc solid;line-height:18px;overflow:auto;word-wrap:break-word;margin:0 auto;padding:4px 8px;width:852px;}.mainLeft{float:left;width:179px;border-right:1px dashed #333;padding:40px 10px 10px;}.mainLeft ul li{line-height:24px;list-style:square inside;}.mainRight{float:right;width:800px;}.infoLeftTab{width:947px;height:31px;border-bottom:1px solid #999;background:#DDD;margin:0 auto;margin-top:10px;position:relative;}.infoLeftTab ul{width:920px;height:32px;padding:0 12px;position:absolute;bottom:-1px;right:0;}.infoLeftTab ul li{float:left;height:24px;margin:7px 0 0 12px;padding:0 6px;}.infoLeftTab ul li.current{border:1px solid #999;border-bottom:0;background:#FFF;}.infoLeftTab ul li a{display:block;height:18px;line-height:18px;margin-top:3px;padding:0 6px 1px;*padding:1px 6px 0;*width:50px}.infoLeftTab ul li a:hover{color:#FFF;text-decoration:none;background:#F60;}.infoLeftTab ul li.current a:hover{color:#000;background:#FFF;cursor:default;}ul.corplist{margin:0;padding:0}ul.corplist li{float:left}ul.corplist li.current{border-bottom:#000 1px solid}span.small{margin-left:15px;font-size:12px;font-weight:normal}div.comment{margin:0 auto 15px auto;width:870px;text-align:left}dl.commentlist{width:650px}dl.commentlist dt{line-height:22px}dl.commentlist dt span.user{margin-left:15px}dl.commentlist dt span.user label{color:#555555;font-size:12px}dl.commentlist dd{line-height:25px;font-size:14px;padding:5px;word-wrap:break-word;border-bottom:1px dashed #ccc}.content .catrss{background:url("../images/catrss.png") no-repeat left;width:16px;height:11px;display:inline-block;margin-bottom:-1px;margin-left:5px;}.content .corprss{background:url("../images/corprss.png") no-repeat left;width:16px;height:16px;display:inline-block;margin-bottom:-4px;margin-left:5px;}.catrss:hover,.corprss:hover{text-decoration:none;}div.sms_content{width:600px;padding:10px 0 30px 0;word-wrap:break-word;word-break:break-all;table-layout:fixed;clear:both;white-space:-moz-pre-wrap;white-space:-hp-pre-wrap;white-space:-o-pre-wrap;white-space:-pre-wrap;white-space:pre;white-space:pre-wrap;white-space:pre-line}span.sms_time{font-size:12px;float:right;padding-right:20px}.fsize_13{font-size:13px}.csetip{margin:0 15px;font-size:14px}#searchbox{background:url("../images/search_1.png") no-repeat right;display:inline;float:right;height:24px;line-height:24px;padding:8px 0;margin:0 12px 0 0;}#search_input{height:22px;line-height:22px;width:151px;border:1px solid #999;}#search_button{background:none repeat scroll 0 0 transparent;border:medium none;cursor:pointer;width:29px;height:24px;text-indent:-1000px;}#share{height:24px;line-height:24px;font-size:14px;}.jobshare{margin:10px 0 0 65px;}.new{display:inline-block;background:url(../images/new_1.png) no-repeat 52px 3px;}.credit{height:16px;border:none;margin:0 0 -3px 5px;}.content .toctit{margin-bottom:5px;background:#eee;border-bottom:1px solid #999;padding:5px 0;margin-top:15px;}.content .toc{font-size:13px;line-height:25px;margin:0 auto;width:900px;margin-left:80px;}.content .toc li{list-style-type:decimal;}#help p,#about p,#lawer p{text-indent:2em;font-size:13px;line-height:25px;margin:0 auto;width:900px;word-wrap:break-word;}span.tag{text-align:center;margin-right:3px;padding:2px 5px;background:#E1E1E1}span.zonetag{font-size:12px;text-align:center;margin-right:4px;padding:3px 6px;background:#E1E1E1;border:#CCC 1px solid}.hot{width:932px;height:160px;border:1px solid #DDD;margin:0 auto;padding:0 8px 8px;overflow:hidden;position:relative;}.scrollContent{width:932px;position:absolute;top:0;left:8px;}.hotContent{width:932px;padding-bottom:8px;overflow:hidden;}.hot .listTable{float:left;width:522px;display:block;}.zoneIntro{float:right;width:376px;height:142px;line-height:1.5em;background:#EFEFEF;margin-top:6px;padding:6px 12px;}.zoneIntro h1{line-height:1.5em;font-size:18px;margin-bottom:5px;}.zoneIntro p{line-height:1.8em;text-indent:2em;}.zoneList{width:950px;height:22px;line-height:22px;margin:0 auto;padding-bottom:10px;}.zoneList li{float:left;display:block;margin-right:3px;}.zoneList li a{float:left;border:1px solid #DDD;background:#EEE;padding:0 6px;}.zoneList li a:hover{text-decoration:none;}.zoneList li.current a{color:#FFF;text-decoration:none;background:#F60;}.zoneList li.current a:hover{text-decoration:none;}.support{width:950px;border-top:1px solid #DDD;margin-top:12px;}.supportTable{border:none;margin-top:10px;}.supportTable tr th{font-size:15px;font-weight:bold;}.supportTable tr th,.supportTable tr td{padding:3px 6px;}.bugImg{min-width:200px;max-width:870px;width:auto;_width:600px;}.replys{margin:0 15px 15px 65px;}.replys .topic{width:100%;}.replylist .reply{border-bottom:1px solid #CCC;overflow:hidden;padding:15px 15px 0 15px;}.reply .description p{font-size:14px;margin-top:10px;}.replylist li{width:700px;}.fixed,.clear{clear:both;}.clearfix:after{content:".";display:block;clear:both;visibility:hidden;line-height:0;height:0;}.clearfix{display:inline-block;}.author-info .addtime,.replylist .addtime{font:12px Georgia,Verdana,Microsoft YaHei,Helvetica,Arial,Sans-Serif;color:#333;}.reply .reply-info{color:#999;}.reply .replylist-act{height:14px;float:right;padding-bottom:8px;}.reply .replylist-act .replyBtn{display:none;}.reply .replylist-act span.floor{display:block;float:right;margin-left:10px;color:#999}.paper-info h3{line-height:24px;padding:0;}.paper-toc{line-height:24px;margin-left:100px;}.paper-toc li{line-height:24px;}#paper{font-size:14px;}#paper .toc li{list-style:none;}#paper p{text-indent:2em;font-size:14px;line-height:25px;margin:0 auto;width:900px;word-wrap:break-word;}div.toc-sidebar{border:1px solid #ccc;background:none repeat scroll 0 0 #f8f8f8;float:right;position:fixed;top:4em;right:1em;z-index:1;border-radius:4px 4px 4px 4px;opacity:0.2;padding:3px;}div.toc-sidebar:hover{box-shadow:0 0 8px #666;opacity:1;}div.toc-sidebar ul{margin:0;padding:0 0 0 1em;}div.toc-sidebar>ul{padding:0;}div.toc-sidebar li{list-style-type:none;line-height:18px;overflow:hidden;margin:0;padding:0 0 0 18px;}.good_replys{background-color:#FFF;border:1px solid #999;width:730px;bottom:-100px;}.good_replys_title{font-size:20px;color:#FF6600;font-weight:bold;background:#EEEEEE;border-bottom:1px solid #999999;padding:5px 10px;}.good_replys_list{padding:0;}.good_replys_list .replylist{margin-bottom:-2px;}.content h5.rating{height:45px;margin:10px auto 0;width:320px;}.myrating{width:140px;}.myrating span{display:inline-block;width:21px;height:21px;background:url(../images/star-empty.png) center no-repeat;cursor:pointer}.myrating span.on{background:url(../images/star-new.png) center no-repeat}.myrating span.hover{background:url(../images/star-new-hover.png) center no-repeat}.ratingText,.myrating{float:left;}#ratingShow{width:350px;text-align:left;font-weight:normal;position:absolute;padding:0 0 0 18px}.ratingShow{text-align:left;font-weight:normal;position:absolute;padding:0 15px;background:#fff;text-indent:0}.likenums{margin-left:10px;color:red;}.likenum{position:relative;display:inline-block;top:0;height:14px;width:90px;vertical-align:-2px;_height:15px;}.likebox,.likepre,.likesuf{display:inline-block;height:16px;overflow-y:hidden;background:url(../images/likeicon.png);}.likebox{float:right;background-position:0 -19px;background-repeat:repeat-x;left:10px;}.likepre,.likesuf,.liketext{overflow:hidden;float:left;cursor:default;}.likepre{cursor:pointer;}.liketext{color:#2979A1;line-height:16px;font-size:11px;width:30px;text-align:center;}.liketext_min{width:35px;}.liketext_max{width:55px;}.likepre{width:20px;}.likesuf{width:3px;background-position:-32px 0;}#rating_wrap{font-size:10px;line-height:21px;height:110px;margin:3px auto 0;width:250px;}.starstop{float:left;background:url(../images/all_star.png);display:block;width:105px;height:21px;margin:0;}.stargray{float:left;background:url(../images/star_gray.png);display:block;width:105px;height:18px;margin:0;}.sub_ins .starstop{float:none;width:105px;display:inline;position:absolute;}.stars{display:inline-block;background:url(../images/all_star.png);width:105px;height:21px;margin:1px 0 0 7px;}.stars4{background-position:left 84px;}.stars3{background-position:left 63px;}.stars2{background-position:left 42px;}.stars1{background-position:left 21px;}.power{height:15px;float:left;background:#f5cbad;margin:3px 3px;}.itemcount{font-size:11px;}.btn-fav{border:1px solid #EDCEBA;border-radius:3px 3px 3px 3px;display:inline-block;height:19px;line-height:19px;margin-left:4px;overflow:hidden;padding:0 8px 0 20px;vertical-align:middle;}a.btn-fav:link,a.btn-fav:visited{background-color:#FFF6EE;border-color:#F2ECE7;color:#99776B;font-weight:normal}a.btn-fav:hover,a.btn-fav:active{background-color:#FFF0E2;border-color:#EDCEBA;color:#99776B;font-weight:normal}.fav-add,.fav-add:link,.fav-add:hover{background:url("../images/collect_like_1.png") no-repeat scroll 8px 3px transparent;}.fav-cancel,.fav-cancel:link,.fav-cancel:hover{background:url("../images/collect_like_1.png") no-repeat scroll 8px -17px transparent;}.fav-num{color:#666666;display:inline-block;}.fleft{float:left;}.fright{float:right;}#footer{height:60px;line-height:60px;padding-top:15px}.other{margin-right:30px;}.winlist{padding-left:15px}.winlist ul li{font-size:14px;line-height:25px}.winlist ul li span.date{margin-right:10px}.ewmthumb{position:relative;z-index:0;}.ewmthumb:hover{background-color:transparent;z-index:50;}.ewmthumb span{position:absolute;background-color:lightyellow;padding:1px;left:-1000px;border:0px dashed gray;visibility:hidden;color:black;text-decoration:none;}.ewmthumb span img{position:absolute;border-width:0;padding:2px;}.ewmthumb:hover span{visibility:visible;top:17px;left:-90px;}.wxewm{float:right;height:24px;line-height:24px;margin-top:45px;padding-left:1px;width:20px;}.go-to-wrapper{font-size:14px;width:1120px;height:98px;background:transparent;margin-left:-560px;position:fixed;left:50%;bottom:96px;z-index:1;}@media (max-width: 1119px) {.go-to-wrapper{width:auto;margin-left:0;padding-right:12px;left:auto;right:0;z-index:9999;}}@media (max-width: 767px) {.go-to-wrapper{display:none;}}.go-to{float:right;width:48px;}.go-to li{display:none;width:36px;height:36px;text-indent:-9999em;background:#a1acb5 url("../images/go-to_1.png") no-repeat;overflow:hidden;margin-top:2px;padding:6px;}.go-to li:hover{text-indent:0;background-image:none;}#go-to-comment{background-position:center top;margin-top:0;}#back-to-top{background-position:center -48px;}#bugDetail #go-to-comment{display:block;background-position:center top;}#go-to-feedback{display:block;background-position:center -96px;}.go-to li a{color:#fff;line-height:18px;}.go-to li a:hover{text-decoration:none;}.month-wrapper{width:948px;height:22px;overflow:hidden;margin:12px auto -22px;position:relative;z-index:1;}.month-list{width:9999999px;height:22px;line-height:22px;position:absolute;top:0;left:0;}.month-list li{color:#002E8C;float:left;width:118.5px;text-align:left;}.chart-list{width:926px;height:38px;background:url("../images/charts-bg.png") no-repeat 22px bottom;margin:0 auto;padding-left:22px;position:relative;z-index:2;}.chart-list li{float:left;width:121px;height:38px;margin-left:-2px;cursor:pointer;position:relative;}.chart-list li:first-child{margin-left:0;}.chart-list li.active{background:url("../images/month-bg.png") no-repeat left bottom;z-index:2;}.golden{color:#ff8400;font-weight:bold;text-shadow:0 0 3px rgba(241,184,0,1);}.fieldset{width:870px;border:1px solid #ccc;margin:0 auto;}.fieldset legend{font-weight:bold;padding:0 12px;margin-left:12px;}.fieldset pre{width:846px;border-width:0;overflow:hidden;padding:12px 12px;}.fieldset .fieldset{width:846px;}.fieldset .fieldset pre{width:822px;}.text-ellipsis{display:inline-block;width:678px;overflow:hidden;white-space:nowrap;-o-text-overflow:ellipsis;text-overflow:ellipsis;}.table-cell-sm{width:538px;}.table-cell-xs{width:413px;}div#__cz_push_c_object_box__,div#ooDiv,a[id^="__czUnion_a"]{display:none!important;z-index:-1!important;}


--------------------------------------------------------------------------------
/wooyun_final/css/whitehat_detail.css:
--------------------------------------------------------------------------------
 1 | .tabs {
 2 |   width: 95%;
 3 |   float: none;
 4 |   list-style: none;
 5 |   position: relative;
 6 |   margin: 0 0 0 0;
 7 |   text-align: left;
 8 | }
 9 | .tabs li {
10 |   float: left;
11 |   display: block;
12 | }
13 | .tabs input[type="radio"] {
14 |   position: absolute;
15 |   top: -9999px;
16 |   left: -9999px;
17 | }
18 | .tabs label {
19 |   display: block;
20 |   padding: 7px 5px 10px 10px;
21 |   border-radius: 2px 2px 0 0;
22 |   font-size: 14px;
23 |   font-weight: normal;
24 |   text-transform: uppercase;
25 |   background: #d0d0d0;
26 |   cursor: pointer;
27 |   position: relative;
28 |   top: 17px;
29 |   -webkit-transition: all 0.2s ease-in-out;
30 |   -moz-transition: all 0.2s ease-in-out;
31 |   -o-transition: all 0.2s ease-in-out;
32 |   transition: all 0.2s ease-in-out;
33 | }
34 | .tabs label:hover {
35 |   background: #FCFCFC;
36 | }
37 | .tabs .tab-content {
38 | 	
39 |   z-index: 2;
40 |   display: none;
41 |   overflow: hidden;
42 |   width: 100%;
43 |   font-size: 17px;
44 |   line-height: 20px;
45 |   padding: 25px;
46 |   position: absolute;
47 |   top: 53px;
48 |   left: 0;
49 |   background: #FCFCFC;
50 | }
51 | .tabs [id^="tab"]:checked + label {
52 |   top:17px;
53 |   
54 |   padding-top:7px;
55 |   background: #FCFCFC;
56 | }
57 | .tabs [id^="tab"]:checked ~ [id^="tab-content"] {
58 |   display: block;
59 | }


--------------------------------------------------------------------------------
/wooyun_final/help.php:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 2 | <html xmlns="http://www.w3.org/1999/xhtml">
 3 | <head>
 4 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 5 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 6 | <title> 用户登录 | 乌云网 | WooYun.org </title>
 7 | <meta name="author" content="80sec"/>
 8 | <meta name="copyright" content="http://www.wooyun.org/"/>
 9 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
10 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
11 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
12 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
13 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
14 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
15 | <script type="text/javascript" src="js/jquery_1.7.2_jquery.min.js"></script>
16 | </head>
17 | <body id="bugDetail">
18 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
19 | 
20 | <div class="banner">
21 | <div class="logo">
22 | <h1>WooYun.org</h1>
23 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
24 | </div>
25 | 
26 | 		</div>
27 | 		
28 | 				<div class="login">
29 | 					<a href="user.php">登录</a> | <a class="reg" href="reg.php">注册</a>
30 | 				</div>
31 | 				</div>
32 | 
33 | 	<div class="nav" id="nav_sc">
34 | 				<ul>
35 | 			<li><a href="index.php">首页</a></li>
36 | 			<li><a href="corps.php">厂商列表</a></li>
37 | 			<li><a href="whitehats.php">白帽子</a></li>
38 | 			<li><a>乌云榜</a></li> 
39 |             <li><a>团队</a></li>
40 |             <li><a href="bugs.php">漏洞列表</a></li>
41 | 			<li class="new"><a>提交漏洞</a></li>
42 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
43 | 			<li><a>公告</a></li>
44 | 		</ul>
45 |         <form action="searchbug.php" method="get" id="searchbox">
46 |             <input type="text" name="q" id="search_input" />
47 |             <input type="submit" value="搜索" id="search_button" />
48 |         </form>
49 | 	</div>
50 | 
51 | 	<div class="bread" style="padding-top: 4px;">
52 | 		<div style="float:left">当前位置：<a href="user.php">WooYun</a> >> <a>帮助</a></div>
53 | 			</div>
54 | <div class="content">
55 | <div style="padding:0 0 0 75px;">
56 | 
57 | <input type="hidden" id="token" style="display:none" value="" />
58 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">帮助</h3>
59 | 		<div  style="width:98%;text-align:left;font-size:15px;padding:5px 0 5px 10px;"><p style="line-height:35px;background-color:#BEBEBE;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;欢迎加群：470311432.</p>
60 | 		</div>
61 | 		
62 | </div>
63 | <!--content-end-->
64 | </div>
65 | 	<div id="footer">
66 |         <span class="copyright fleft">
67 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
68 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
69 | 
70 |     	</span>
71 |         <span class="other fright">
72 |                         <a href="impression">行业观点</a>
73 |             · <a href="lawer">法律顾问</a>
74 |             · <a href="contact.php">联系我们</a>
75 |             · <a href="help">帮助</a>
76 |             · <a href="about.php">关于</a>
77 |         </span>
78 |     </div>
79 | </body>
80 | </html>


--------------------------------------------------------------------------------
/wooyun_final/images/bg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/bg.png


--------------------------------------------------------------------------------
/wooyun_final/images/bg_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/bg_1.png


--------------------------------------------------------------------------------
/wooyun_final/images/collect_like.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/collect_like.png


--------------------------------------------------------------------------------
/wooyun_final/images/collect_like_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/collect_like_1.png


--------------------------------------------------------------------------------
/wooyun_final/images/go-to.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/go-to.png


--------------------------------------------------------------------------------
/wooyun_final/images/go-to_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/go-to_1.png


--------------------------------------------------------------------------------
/wooyun_final/images/libg.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/libg.gif


--------------------------------------------------------------------------------
/wooyun_final/images/libg_1.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/libg_1.gif


--------------------------------------------------------------------------------
/wooyun_final/images/navbg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/navbg.png


--------------------------------------------------------------------------------
/wooyun_final/images/navbg_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/navbg_1.png


--------------------------------------------------------------------------------
/wooyun_final/images/new.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/new.png


--------------------------------------------------------------------------------
/wooyun_final/images/new_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/new_1.png


--------------------------------------------------------------------------------
/wooyun_final/images/search.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/search.png


--------------------------------------------------------------------------------
/wooyun_final/images/search_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/search_1.png


--------------------------------------------------------------------------------
/wooyun_final/images/topbg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/topbg.png


--------------------------------------------------------------------------------
/wooyun_final/images/topbg_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/images/topbg_1.png


--------------------------------------------------------------------------------
/wooyun_final/img/default_avatar.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/img/default_avatar.gif


--------------------------------------------------------------------------------
/wooyun_final/index.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | 
  3 | require('conn.php');
  4 | 
  5 | 
  6 | ?>
  7 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  8 | <html xmlns="http://www.w3.org/1999/xhtml">
  9 | <head>
 10 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 11 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 12 | <title> 乌云网 | | WooYun.org </title>
 13 | <meta name="author" content="80sec"/>
 14 | <meta name="copyright" content="http://www.wooyun.org/"/>
 15 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 16 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 17 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 18 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 19 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 20 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 21 | </head>
 22 | <body id="bugDetail">
 23 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 24 | 
 25 | <div class="banner">
 26 | <div class="logo">
 27 | <h1>WooYun.org</h1>
 28 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 29 | </div>
 30 | 
 31 | 		</div>
 32 | 		
 33 | 				<div class="login">
 34 | 									<?php 				   if(isset($_SESSION['username'])){
 35 | 					 if(@$chk_count['is_fromwooyun'] == 1){
 36 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 37 | 					 }
 38 | 					 else{
 39 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 40 | 					 }
 41 |                   }else{
 42 | 					  echo '<a href="../login.php">登录</a> | <a class="reg" href="reg.php">注册</a>';
 43 | 				  }
 44 | 				?>
 45 | 				</div>
 46 | 				</div>
 47 | 
 48 | 	<div class="nav" id="nav_sc">
 49 | 		<ul>
 50 | 			<li><a href="index.php">首页</a></li>
 51 | 			<li><a href="corps.php">厂商列表</a></li>
 52 | 			<li><a href="whitehats.php">白帽子</a></li>
 53 | 			<li><a>乌云榜</a></li> 
 54 |             <li><a>团队</a></li>
 55 |             <li><a href="bugs.php">漏洞列表</a></li>
 56 | 			<li class="new"><a>提交漏洞</a></li>
 57 | 			<li><a href="http://www.loner.fm" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 58 | 			<li><a>公告</a></li>
 59 | 		</ul>
 60 |         <form action="searchbug.php" method="get" id="searchbox">
 61 | 	    <input type="checkbox" name="detail" id="detail"> 搜索漏洞详情
 62 |             <input type="text" name="q" id="search_input" />
 63 |             <input type="submit" value="搜索" id="search_button" />
 64 |         </form>
 65 | 	</div>
 66 | 
 67 | 	<div class="bread" style="padding-top: 4px;">
 68 | 		<div style="float:left">当前位置：<a href="index.php">WooYun</a> >> <a href="#">首页</a></div>
 69 | 			</div>
 70 | <div class="content">
 71 | <div style="padding:0 0 95px 0;">
 72 | 
 73 | <input type="hidden" id="token" style="display:none" value="" />
 74 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">最新提交(30)</h3>
 75 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 76 | <ul style="font-size:14px;list-style:none;line-height:20px;">
 77 | <li style="width:14.3%;height:20px;background-color:#E0E0E0;float:left;" >提交时期</li>
 78 | <li style="width:55%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >漏洞名称</li> 
 79 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >评论关注</li> 
 80 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.3%;" >作者</li> 
 81 | </ul>
 82 | <?php   @$result_data_desc = mysql_query("select * from bugs order by wybug_date desc limit 6");
 83 |   while(@$row = mysql_fetch_array(@$result_data_desc)){
 84 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
 85 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['wybug_date'].'</li>';
 86 | 	 echo '<li  style="width:55%;height:25px;background-color:#FFFFFF;float:left" ><a href="bug_detail.php?wybug_id='.@$row['wybug_id'].'">'.@$row['wybug_title'].'</a></li>';
 87 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >0/1</li>';
 88 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" ><a href="whitehat_detail.php?whitehat='.@$row['wybug_author'].'">'.@$row['wybug_author'].'</a></li>';
 89 | 	 echo '</ul>';
 90 |  }
 91 | ?>
 92 | 
 93 | </div>
 94 | <input type="hidden" id="token" style="display:none" value="" />
 95 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">最新公开(30)</h3>
 96 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 97 | <ul style="font-size:14px;list-style:none;line-height:20px;">
 98 | <li style="width:14.3%;height:20px;background-color:#E0E0E0;float:left;" >提交时期</li>
 99 | <li style="width:55%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >漏洞名称</li> 
100 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >评论关注</li> 
101 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.3%;" >作者</li> 
102 | </ul>
103 | <?php   @$result_data_desc = mysql_query("select * from bugs where wybug_status like '%厂商已经修复%' order by wybug_date desc limit 6");
104 |   while(@$row = mysql_fetch_array(@$result_data_desc)){
105 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
106 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['wybug_date'].'</li>';
107 | 	 echo '<li  style="width:55%;height:25px;background-color:#FFFFFF;float:left" ><a href="bug_detail.php?wybug_id='.@$row['wybug_id'].'">'.@$row['wybug_title'].'</a></li>';
108 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >0/1</li>';
109 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" ><a href="whitehat_detail.php?whitehat='.@$row['wybug_author'].'">'.@$row['wybug_author'].'</a></li>';
110 | 	 echo '</ul>';
111 |  }
112 | ?>
113 | 
114 | </div>
115 | 
116 | <input type="hidden" id="token" style="display:none" value="" />
117 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">最新确认(30)</h3>
118 | <div class="wybug_date" style="padding:0 30px 0 30px;">
119 | <ul style="font-size:14px;list-style:none;line-height:20px;">
120 | <li style="width:14.3%;height:20px;background-color:#E0E0E0;float:left;" >提交时期</li>
121 | <li style="width:55%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >漏洞名称</li> 
122 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >评论关注</li> 
123 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.3%;" >作者</li> 
124 | </ul>
125 | <?php   @$result_data_desc = mysql_query("select * from bugs where wybug_status like '%厂商已经确认%' order by wybug_date desc limit 6");
126 |   while(@$row = mysql_fetch_array(@$result_data_desc)){
127 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
128 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.@$row['wybug_date'].'</li>';
129 | 	 echo '<li  style="width:55%;height:25px;background-color:#FFFFFF;float:left" ><a href="bug_detail.php?wybug_id='.@$row['wybug_id'].'">'.@$row['wybug_title'].'</a></li>';
130 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >0/1</li>';
131 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" ><a href="whitehat_detail.php?whitehat='.@$row['wybug_author'].'">'.@$row['wybug_author'].'</a></li>';
132 | 	 echo '</ul>';
133 |  }
134 | 
135 | ?>
136 | 
137 | </div>
138 | 
139 | </div>
140 | <!--content-end-->
141 | </div>
142 | 	<div id="footer">
143 |         <span class="copyright fleft">
144 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
145 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
146 |     	</span>
147 |         <span class="other fright">
148 |                         <a>行业观点</a>
149 |             · <a>法律顾问</a>
150 |             · <a href="contact.php">联系我们</a>
151 |             · <a href="help.php">帮助</a>
152 |             · <a href="about.php">关于</a>
153 | 			<script src="https://s4.cnzz.com/z_stat.php?id=1261218610&web_id=1261218610" language="JavaScript"></script>
154 |         </span>
155 |     </div>
156 | <?php mysql_close(@$conn);?>
157 | </body>
158 | </html>
159 | 


--------------------------------------------------------------------------------
/wooyun_final/searchbug.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | require('conn.php');
  3 | function get_sql($retfield,$where_field,$s){
  4 |     $sa=explode(" ",$s);
  5 |     $where_str = "";
  6 |     $where_str_link = " where ";
  7 |     foreach($sa as $a){
  8 |         if(trim($a)== "") continue;
  9 |         $where_str .= $where_str_link;
 10 |         $where_str .= $where_field;
 11 |         $where_str .= " like '%";
 12 |         $where_str .= $a;
 13 |         $where_str .= "%'";
 14 |         $where_str_link =" and ";
 15 |     }
 16 |     $sql = "select ".$retfield." from bugs ".$where_str." order by wybug_date desc";
 17 | 
 18 |     return $sql;
 19 | }
 20 | 
 21 | @$q0=isset($_GET['q'])?$_GET['q']:'SQL注射';
 22 | $q = addslashes($q0);
 23 | $table_fieldname="wybug_title";
 24 | if(isset($_GET["detail"])) $table_fieldname="wybug_detail";
 25 | $sql = get_sql("id",$table_fieldname,$q);
 26 | $qs = mysql_query($sql);
 27 | ?>
 28 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 29 | <html xmlns="http://www.w3.org/1999/xhtml">
 30 | <head>
 31 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 32 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 33 | <title> <?php echo @$bugs_author['wybug_author'];?> | 乌云网 | WooYun.org </title>
 34 | <meta name="author" content="80sec"/>
 35 | <meta name="copyright" content="http://www.wooyun.org/"/>
 36 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 37 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 38 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 39 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 40 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 41 | 
 42 | <link href="css/whitehat_detail.css" rel="stylesheet" type="text/css"/>
 43 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 44 | </head>
 45 | <body id="bugDetail">
 46 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 47 | 
 48 | <div class="banner">
 49 | <div class="logo">
 50 | <h1>WooYun.org</h1>
 51 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 52 | </div>
 53 | 
 54 | 		</div>
 55 | 		
 56 | 				<div class="login">
 57 | 									<?php 				   if(isset($_SESSION['username'])){
 58 | 					 if(@$chk_count['is_fromwooyun'] == 1){
 59 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 60 | 					 }
 61 | 					 else{
 62 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 63 | 					 }
 64 |                   }else{
 65 | 					  echo '<a href="user.php">登录</a> | <a class="reg">注册</a>';
 66 | 				  }
 67 | 				?>
 68 | 				</div>
 69 | 				</div>
 70 | 
 71 | 	<div class="nav" id="nav_sc">
 72 | 				<ul>
 73 | 			<li><a href="index.php">首页</a></li>
 74 | 			<li><a href="corps.php">厂商列表</a></li>
 75 | 			<li><a href="whitehats.php">白帽子</a></li>
 76 | 			<li><a>乌云榜</a></li> 
 77 |             <li><a>团队</a></li>
 78 |             <li><a href="bugs.php">漏洞列表</a></li>
 79 | 			<li class="new"><a>提交漏洞</a></li>
 80 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 81 | 			<li><a>公告</a></li>
 82 | 		</ul>
 83 |         <form action="searchbug.php" method="get" id="searchbox">
 84 | 	    <input type="checkbox" name="detail" id="detail"> 搜索漏洞详情
 85 |             <input type="text" name="q" id="search_input" />
 86 |             <input type="submit" value="搜索" id="search_button" />
 87 |         </form>
 88 | 	</div>
 89 | 
 90 | 	<div class="bread" style="padding-top: 4px;">
 91 | 		<div style="float:left">当前位置：<a href="index.php">首页</a> >> <a href="whitehat_detail.php?whitehat=<?php echo @$whitehats['whitehat'];?>">检索结果</a></div>
 92 | 			</div>
 93 | <div class="content">
 94 | <!--头像标签开始-->
 95 | 
 96 | 	 <div style="float:left;padding:10px 0 14px 20px;background-color:#FCFCFC;width:100%">
 97 |      
 98 | <span style="display:inline;"><p style="display:inline;font-size:20px;color:#7B7B7B">搜索关键字：</p><p style="display:inline;font-size:20px;color:#CE0000"> <?php echo htmlspecialchars($q, ENT_COMPAT);?> </p> <p style="display:inline;font-size:20px;color:#7B7B7B">(共 <?php echo mysql_num_rows($qs);?> 条记录)</p></span>
 99 | 
100 |     </div>
101 | 	
102 | <!--检索结果-start-->
103 | <div>
104 | 
105 |   <?php    $num = "15"; //每页显示30条
106 | 		@$page=isset($_GET['page'])?intval($_GET['page']):1;				
107 | 		@$total=mysql_num_rows($qs); //查询数据的总数total
108 |         @$pagenum=ceil($total/$num);
109 | 		if($page>$pagenum || $page == 0){
110 |            exit;
111 |         } 
112 |   @$offset=($page-1)*$num;
113 |   $sql=get_sql("wybug_id,wybug_title,wybug_date,wybug_author",$table_fieldname,$q);
114 |   $sql .= " limit ".$offset.",15";
115 |   $bugs_result2222=mysql_query($sql);  
116 |   while(@$row223 = mysql_fetch_array($bugs_result2222)){
117 | 	     echo '<div style="padding:0 0 30px 20px;width:100%"><span style="font-size:20px;line-height:25px;">';
118 |          echo '<p style="padding:0 0 14px 0;"><a href="bug_detail.php?wybug_id='.$row223['wybug_id'].'">'.$row223['wybug_title'].'</a></p>';
119 | 	    
120 | 	 	 echo '<p style="display:inline;font-size:14px;line-height:25px;">提交日期：<a>'.$row223['wybug_date'].'</a></p>';
121 | 		 echo '<p style="display:inline;font-size:14px;line-height:25px;"> 作者：<a href="whitehat_detail.php?whitehat=';
122 |          echo $row223['wybug_author'].'">'.$row223['wybug_author'].'</a>';
123 | 	     echo '</p></span> </div>';
124 |  }
125 | 
126 | ?>
127 | 
128 | <div  style="float:right;padding:10px 30px 0 0"><?php 
129 | @$page = $_GET['page']?$_GET['page']:1;//当前页数，默认是1
130 | if($page==1){
131 | 	$prepage=1;
132 | }else{
133 | 	$prepage=$page-1;
134 | }
135 | if($page==$pagenum){
136 | 	$nextpage=$pagenum;
137 | }else{
138 | 	$nextpage=$page+1;
139 | }
140 | echo '<center> 共 '.$total.' 条记录';
141 | echo '，'.$pagenum.' 页 ';
142 | echo '<a href="searchbug.php?q='.$q.'&page=1">首页</a>|';
143 | echo '<a href="searchbug.php?q='.$q.'&page='.$prepage.'">上一页</a>|';
144 | echo '<a href="searchbug.php?q='.$q.'&page='.$nextpage.'">下一页</a>|';
145 | echo '<a href="searchbug.php?q='.$q.'&page='.$pagenum.'">末页</a></center>';
146 | ?>
147 | </div>
148 | 
149 | 
150 | </div>
151 | <!---检索结果-end-->
152 | 
153 | 
154 | </div>
155 | 	<div id="footer" style="padding-top:20px;background-color:#E0E4E7">
156 |         <span class="copyright fleft">
157 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
158 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
159 |     	</span>
160 |         <span class="other fright" style="">
161 |                         <a>行业观点</a>
162 |             · <a>法律顾问</a>
163 |             · <a href="contact.php">联系我们</a>
164 |             · <a href="help.php">帮助</a>
165 |             · <a href="about.php">关于</a>
166 | 			<script src="https://s4.cnzz.com/z_stat.php?id=1261218610&web_id=1261218610" language="JavaScript"></script>
167 |         </span>
168 |     </div>
169 | <?php  mysql_close($conn);?>
170 | </body>
171 | </html>
172 | 


--------------------------------------------------------------------------------
/wooyun_final/styles.css:
--------------------------------------------------------------------------------
  1 | *{
  2 | 	margin:0;
  3 | 	padding:0;
  4 | }
  5 | 
  6 | body{
  7 | 	font-size:14px;
  8 | 	color:#666;
  9 | 	background:url('img/bg.jpg') #f2f2f2;
 10 | 	font-family:Arial, Helvetica, sans-serif;
 11 | }
 12 | 
 13 | .comment,
 14 | #addCommentContainer{
 15 | 	
 16 | 	/* Syling the comments and the comment form container */
 17 | 	
 18 | 	padding:12px;
 19 | 	width:400px;
 20 | 	position:relative;
 21 | 	background-color:#fcfcfc;
 22 | 	border:1px solid white;
 23 | 	color:#888;
 24 | 	margin-bottom:25px;
 25 | 	
 26 | 	/* CSS3 rounded corners and drop shadows */
 27 | 	
 28 | 	-moz-border-radius:10px;
 29 | 	-webkit-border-radius:10px;
 30 | 	border-radius:10px;
 31 | 
 32 | 	-moz-box-shadow:2px 2px 0 #c2c2c2;
 33 | 	-webkit-box-shadow:2px 2px 0 #c2c2c2;
 34 | 	box-shadow:2px 2px 0 #c2c2c2;
 35 | }
 36 | 
 37 | .comment .avatar{
 38 | 
 39 | 	/*
 40 | 	/	The avatar is positioned absolutely, 
 41 | 	/	and offset outside the comment div
 42 | 	/*/
 43 | 
 44 | 	height:50px;
 45 | 	left:-70px;
 46 | 	position:absolute;
 47 | 	width:50px;
 48 | 	background:url('img/default_avatar.gif') no-repeat #fcfcfc;
 49 | 	
 50 | 	/* Centering it vertically: */
 51 | 	
 52 | 	margin-top:-25px;
 53 | 	top:50%;
 54 | 
 55 | 	-moz-box-shadow:1px 1px 0 #c2c2c2;
 56 | 	-webkit-box-shadow:1px 1px 0 #c2c2c2;
 57 | 	box-shadow:1px 1px 0 #c2c2c2;
 58 | }
 59 | 
 60 | .comment .avatar img{
 61 | 	display:block;
 62 | }
 63 | 
 64 | .comment .name{
 65 | 	font-size:20px;
 66 | 	padding-bottom:10px;
 67 | 	color:#ccc;
 68 | }
 69 | 
 70 | .comment .date{
 71 | 	font-size:10px;
 72 | 	padding:6px 0;
 73 | 	position:absolute;
 74 | 	right:15px;
 75 | 	top:10px;
 76 | 	color:#bbb;
 77 | }
 78 | 
 79 | .comment p,
 80 | #addCommentContainer p{
 81 | 	font-size:18px;
 82 | 	line-height:1.5;
 83 | 	overflow-x:hidden;
 84 | }
 85 | 
 86 | #addCommentContainer input[type=text],
 87 | #addCommentContainer textarea{
 88 | 
 89 | 	/* Styling the inputs */
 90 | 
 91 | 	display:block;
 92 | 	border:1px solid #ccc;
 93 | 	margin:5px 0 5px;
 94 | 	padding:3px;
 95 | 	font-size:12px;
 96 | 	color:#555;
 97 | 	font-family:Arial, Helvetica, sans-serif;
 98 | }
 99 | 
100 | #addCommentContainer textarea{
101 | 	width:300px;
102 | }
103 | 
104 | label{
105 | 	font-size:10px;
106 | }
107 | 
108 | label span.error{
109 | 	color:red;
110 | 	position:relative;
111 | 	right:-10px;
112 | }
113 | 
114 | #submit{
115 | 	
116 | 	/* The submit button */
117 | 	
118 | 	background-color:#58B9EB;
119 | 	border:1px solid #40A2D4;
120 | 	color:#FFFFFF;
121 | 	cursor:pointer;
122 | 	font-family:'Myriad Pro',Arial,Helvetica,sans-serif;
123 | 	font-size:14px;
124 | 	font-weight:bold;
125 | 	padding:4px;
126 | 	margin-top:5px;
127 | 
128 | 	-moz-border-radius:4px;
129 | 	-webkit-border-radius:4px;
130 | 	border-radius:4px;
131 | }
132 | 
133 | #submit:hover{
134 | 	background-color:#80cdf5;
135 | 	border-color:#52b1e2;
136 | }
137 | 
138 | /* The styles below are only necessary for the styling of the demo page: */
139 | 
140 | #main{
141 | 	position:relative;
142 | 	margin:0 auto;
143 | 	width:427px;
144 | }
145 | 
146 | h1{
147 | 	color:#7E94A2;
148 | 	font-size:30px;
149 | 	margin:50px 0 20px;
150 | }
151 | 
152 | h2{
153 | 	font-size:18px;
154 | 	margin-bottom:50px;
155 | }
156 | 
157 | h1,h2{
158 | 	font-family:"Myriad Pro",Arial,Helvetica,sans-serif;
159 | 	text-align:center;
160 | 	font-weight:normal;
161 | 	text-shadow:0 1px 1px #FFFFFF;
162 | }
163 | 
164 | a, a:visited {
165 | 	color:#0196e3;
166 | 	text-decoration:none;
167 | 	outline:none;
168 | }
169 | 
170 | a:hover{
171 | 	text-decoration:underline;
172 | }
173 | 
174 | a img{
175 | 	border:none;
176 | }


--------------------------------------------------------------------------------
/wooyun_final/t1.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hanc00l/wooyun_public/d950bb8fbad1649fd961de5413ee2c8de7fd7f85/wooyun_final/t1.ttf


--------------------------------------------------------------------------------
/wooyun_final/whitehat_detail.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | 
  3 | 
  4 | require('conn.php');
  5 | @$wybug_author0=isset($_GET['whitehat'])?$_GET['whitehat']:'路人甲';
  6 | @$wybug_author = str_replace("'","",$wybug_author0);
  7 | @$author = mysql_query("select * from bugs where wybug_author='".$wybug_author."'");
  8 | @$bugs_author=mysql_fetch_array($author);
  9 | @$whitehat1 = mysql_query("SELECT * from whitehats where whitehat ='".$wybug_author."'");
 10 | @$whitehats = mysql_fetch_array($whitehat1);
 11 | ?>
 12 | 
 13 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 14 | <html xmlns="http://www.w3.org/1999/xhtml">
 15 | <head>
 16 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 17 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 18 | <title> <?php echo @$bugs_author['wybug_author'];?> | 乌云网 | WooYun.org </title>
 19 | <meta name="author" content="80sec"/>
 20 | <meta name="copyright" content="http://www.wooyun.org/"/>
 21 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 22 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 23 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 24 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 25 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 26 | 
 27 | <link href="css/whitehat_detail.css" rel="stylesheet" type="text/css"/>
 28 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 29 | </head>
 30 | <body id="bugDetail">
 31 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 32 | 
 33 | <div class="banner">
 34 | <div class="logo">
 35 | <h1>WooYun.org</h1>
 36 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 37 | </div>
 38 | 
 39 | 		</div>
 40 | 		
 41 | 				<div class="login">
 42 | 									<?php 				   if(isset($_SESSION['username'])){
 43 | 					 if(@$chk_count['is_fromwooyun'] == 1){
 44 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 45 | 					 }
 46 | 					 else{
 47 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 48 | 					 }
 49 |                   }else{
 50 | 					  echo '<a href="../login.php">登录</a> | <a class="reg">注册</a>';
 51 | 				  }
 52 | 				?>
 53 | 				</div>
 54 | 				</div>
 55 | 
 56 | 	<div class="nav" id="nav_sc">
 57 | 				<ul>
 58 | 			<li><a href="index.php">首页</a></li>
 59 | 			<li><a href="corps.php">厂商列表</a></li>
 60 | 			<li><a href="whitehats.php">白帽子</a></li>
 61 | 			<li><a>乌云榜</a></li> 
 62 |             <li><a>团队</a></li>
 63 |             <li><a href="bugs.php">漏洞列表</a></li>
 64 | 			<li class="new"><a>提交漏洞</a></li>
 65 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 66 | 			<li><a>公告</a></li>
 67 | 		</ul>
 68 |         <form action="searchbug.php" method="get" id="searchbox">
 69 |             <input type="text" name="q" id="search_input" />
 70 |             <input type="submit" value="搜索" id="search_button" />
 71 |         </form>
 72 | 	</div>
 73 | 
 74 | 	<div class="bread" style="padding-top: 4px;">
 75 | 		<div style="float:left">当前位置：<a href="index.php">首页</a> >> <a href="whitehat_detail.php?whitehat=<?php echo @$whitehats['whitehat'];?>">白帽子信息</a></div>
 76 | 			</div>
 77 | <div class="content">
 78 | <!--头像标签开始-->
 79 | <div style="background-color:#F0F0F0;height:150px">
 80 |     <div>
 81 |      <img src="images/whitehat.jpg" style="float:left;padding:10px 0 10px 10px;width:120px;">
 82 | <!--头像标签结束-->
 83 |     </div>
 84 | 	 <div style="float:left;padding:10px 0 0 20px;">
 85 |      
 86 | 	 <span style="display:inline;"><a href="whitehat_detail.php?whitehat=<?php echo $whitehats['whitehat'];?>" style="font-size:20px;color:#000000"><strong><?php echo $whitehats['whitehat'];?></strong></a> <p style="display:inline;font-size:16px;color:#8E8E8E">( 路人 | Rank: <?php echo $whitehats['Ranks'];?> )</p></span>
 87 | 	 <p style="padding:8px 0 0 0;">他于 <?php echo @$whitehats['join_date'];?> 注册，已来到乌云 164 天</p>
 88 | 	 <p style="padding:8px 0 0 0;">个人主页: <a>http://</a></p>
 89 | 
 90 |     </div>
 91 | </div>
 92 | <div style="background-color:#F0F0F0;height:90px;">
 93 | 	 <div style="background-color:#E0E0E0;float:left;padding:10px 0 10px 20px;width:980px">
 94 |      
 95 | 	
 96 | 	 <p style="padding:0 0 3px 5px;">擅长领域</p>
 97 | 	 <p style="padding:5px 5px 5px 5px;background-color:#FFFFFF; width:140px"> 他暂时没有添加擅长领域 </p>
 98 | 
 99 |     </div>
100 | </div>
101 | 
102 | <div style="padding:0 0 200px 0;background-color:#d0d0d0;">
103 |  <ul class="tabs">
104 | <li>
105 | <input type="radio" name="tabs" id="tab1" checked />
106 | <label for="tab1">漏洞列表</label>
107 | <div id="tab-content1" class="tab-content">
108 | <p><ul style="font-size:14px;list-style:none;line-height:20px;">
109 | <li style="width:14.3%;height:20px;background-color:#C4C4C4;float:left" >提交日期</li>
110 | <li style="width:55%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.2%;" >漏洞名称</li> 
111 | <li style="width:20%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.2%;" >漏洞类型</li> 
112 | <li style="width:10%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.3%" >漏洞等级</li> 
113 | </ul>
114 | <?php    $num = "15"; //每页显示30条
115 | 		@$page=isset($_GET['page'])?intval($_GET['page']):1;				
116 | 		@$total=mysql_num_rows($author); //查询数据的总数total
117 |         $pagenum=ceil($total/$num);
118 | 		if(@$page>@$pagenum || $page == 0){
119 |            exit;
120 |         } 
121 |     @$offset=($page-1)*$num;
122 |     @$result_bugs22 = mysql_query("select * from bugs where wybug_author='".$wybug_author."' order by wybug_date desc limit $offset,15");
123 |   while(@$row22 = mysql_fetch_array($result_bugs22)){
124 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
125 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.$row22['wybug_date'].'</li>';
126 | 	 echo '<li  style="width:55%;height:25px;background-color:#FFFFFF;float:left" ><a href="bug_detail.php?wybug_id='.$row22['wybug_id'].'">'.$row22['wybug_title'].'</a></li>';
127 | 	  echo '<li  style="width:20%;height:25px;background-color:#FFFFFF;float:left" ><a>'.$row22['wybug_type'].'</a></li>';
128 | 	 echo '<li  style="width:10%;height:25px;background-color:#FFFFFF;float:left" >'.$row22['wybug_level'].'</li>';
129 | 	 echo '</ul>';
130 |  }
131 | 
132 | ?></p>
133 | <div  style="float:right;padding:10px 30px 0 0"><?php 
134 | @$page = $_GET['page']?$_GET['page']:1;//当前页数，默认是1
135 | if($page==1){
136 | 	$prepage=1;
137 | }else{
138 | 	$prepage=$page-1;
139 | }
140 | if($page==$pagenum){
141 | 	$nextpage=$pagenum;
142 | }else{
143 | 	$nextpage=$page+1;
144 | }
145 | echo '<center> 共 '.$total.' 条记录';
146 | echo '，'.$pagenum.' 页 ';
147 | echo '<a href="whitehat_detail.php?whitehat='.@$bugs_author['wybug_author'].'&page=1">首页</a>|';
148 | echo '<a href="whitehat_detail.php?whitehat='.@$bugs_author['wybug_author'].'&page='.$prepage.'">上一页</a>|';
149 | echo '<a href="whitehat_detail.php?whitehat='.@$bugs_author['wybug_author'].'&page='.$nextpage.'">下一页</a>|';
150 | echo '<a href="whitehat_detail.php?whitehat='.@$bugs_author['wybug_author'].'&page='.$pagenum.'">末页</a></center>';
151 | ?>
152 | </div>
153 | 
154 | 
155 | </div>
156 | </li>
157 | 
158 | <li>
159 | <input type="radio" name="tabs" id="tab2" />
160 | <label for="tab2">文章列表</label>
161 | <div id="tab-content2" class="tab-content">
162 | <p><ul style="font-size:14px;list-style:none;line-height:20px;">
163 | <li style="width:14.3%;height:20px;background-color:#C4C4C4;float:left" >提交日期</li>
164 | <li style="width:55%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.2%;" >标题</li> 
165 | <li style="width:20%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.2%;" >领域</li> 
166 | <li style="width:10%;height:20px;background-color:#C4C4C4;float:left;margin-left:0.3%" >回复</li> 
167 | </ul>
168 | <?php    
169 |     @$result_articles = mysql_query("select * from article where author_name='".$wybug_author."' order by article_id");
170 |   while(@$row23 = mysql_fetch_array($result_articles)){
171 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
172 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.$row23['date'].'</li>';
173 | 	 echo '<li  style="width:55%;height:25px;background-color:#FFFFFF;float:left" ><a href="../article.php?id='.$row23['article_id'].'">'.$row23['title'].'</a></li>';
174 | 	  echo '<li  style="width:20%;height:25px;background-color:#FFFFFF;float:left" ><a href="../area.php?id='.$row23['area_id'].'">'.$row23['area_name'].'</a></li>';
175 | 	 echo '<li  style="width:10%;height:25px;background-color:#FFFFFF;float:left" >'.$row23['comm_count'].'</li>';
176 | 	 echo '</ul>';
177 |  }
178 | 
179 | ?></p>
180 | 
181 | </div>
182 | </li>
183 | </ul>
184 | 			</div>
185 | 
186 | </div>
187 | 	<div id="footer" style="padding-top:320px;background-color:#E0E4E7">
188 |         <span class="copyright fleft">
189 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
190 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
191 |     	</span>
192 |         <span class="other fright" style="padding:0 0 0 0">
193 |                         <a>行业观点</a>
194 |             · <a>法律顾问</a>
195 |             · <a href="contact.php">联系我们</a>
196 |             · <a href="help.php">帮助</a>
197 |             · <a href="about.php">关于</a>
198 |         </span>
199 |     </div>
200 | <?php  mysql_close($conn);?>
201 | </body>
202 | </html>


--------------------------------------------------------------------------------
/wooyun_final/whitehats.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | 
  3 | require('conn.php');
  4 | 
  5 | ?>
  6 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  7 | <html xmlns="http://www.w3.org/1999/xhtml">
  8 | <head>
  9 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 10 | <meta http-equiv="x-ua-compatible" content="ie=7"/>
 11 | <title> 白帽子 | 乌云网 | WooYun.org </title>
 12 | <meta name="author" content="80sec"/>
 13 | <meta name="copyright" content="http://www.wooyun.org/"/>
 14 | <meta name="keywords" content="乌云官方漏洞,路人甲,未授权访问/权限绕过,wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。"/>
 15 | <meta name="description" content="|WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义"/>
 16 | <link rel="icon" href="/favicon.ico" sizes="32x32"/>
 17 | <link href="css/style_1.css" rel="stylesheet" type="text/css"/>
 18 | <link href="css/index.css" rel="stylesheet" type="text/css"/>
 19 | <script src="js/jquery-1.4.2.min_1.js" type="text/javascript"></script>
 20 | </head>
 21 | <body id="bugDetail">
 22 | <style>#myBugListTab{position:relative;display:inline;border:none}#myBugList{position:absolute;display:none;margin-left:309px;* margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }#myBugList li{text-align:left}</style>
 23 | 
 24 | <div class="banner">
 25 | <div class="logo">
 26 | <h1>WooYun.org</h1>
 27 | <div class="weibo"><iframe width="136" height="24" frameborder="0" allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="http://widget.weibo.com/relationship/followbutton.php?language=zh_cn&width=136&height=24&uid=1981622273&style=2&btn=red&dpc=1"></iframe>
 28 | </div>
 29 | 
 30 | 		</div>
 31 | 		
 32 | 				<div class="login">
 33 | 				<?php 				   if(isset($_SESSION['username'])){
 34 | 					 if(@$chk_count['is_fromwooyun'] == 1){
 35 | 						 echo '<p style="padding:5px 10px 0 0">欢迎白帽子 <a href="whitehat_detail.php?whitehat='.$_SESSION['username'].'">'.$_SESSION['username'].'</a> | <a href="logout.php">注销</a></p>';
 36 | 					 }
 37 | 					 else{
 38 | 					 echo  '<p style="padding:5px 10px 0 0">欢迎 '.$_SESSION['username'].' | <a href="logout.php">注销</a></p>';
 39 | 					 }
 40 |                   }else{
 41 | 					  echo '<a href="../login.php">登录</a> | <a class="reg">注册</a>';
 42 | 				  }
 43 | 				?>
 44 | 				
 45 | 				</div>
 46 | 				</div>
 47 | 
 48 | 	<div class="nav" id="nav_sc">
 49 | 				<ul>
 50 | 			<li><a href="index.php">首页</a></li>
 51 | 			<li><a href="corps.php">厂商列表</a></li>
 52 | 			<li><a href="whitehats.php">白帽子</a></li>
 53 | 			<li><a>乌云榜</a></li> 
 54 |             <li><a>团队</a></li>
 55 |             <li><a href="bugs.php">漏洞列表</a></li>
 56 | 			<li class="new"><a>提交漏洞</a></li>
 57 | 			<li><a href="../index.php" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">社区</a></li>
 58 | 			<li><a>公告</a></li>
 59 | 		</ul>
 60 |         <form action="searchbug.php" method="get" id="searchbox">
 61 |             <input type="text" name="q" id="search_input" />
 62 |             <input type="submit" value="搜索" id="search_button" />
 63 |         </form>
 64 | 	</div>
 65 | 
 66 | 	<div class="bread" style="padding-top: 4px;">
 67 | 		<div style="float:left">当前位置：<a href="index.php">WooYun</a> >> <a>白帽子信息</a></div>
 68 | 			</div>
 69 | <div class="content">
 70 | <div style="padding:0 0 695px 0;">
 71 | 
 72 | <input type="hidden" id="token" style="display:none" value="" />
 73 | 		<h3 style="font-size:18px;font:font:Microsoft YaHei,Helvetica,Arial,Sans-Serif;padding:0 0 5px 0">白帽子</h3>
 74 | 		<div  style="width:98%;text-align:left;font-size:15px;padding:5px 0 5px 10px;"><p style="line-height:35px;background-color:#BEBEBE;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WooYun将一切对安全极为感兴趣，对事物运行的原理有着天生的好奇心，愿意将技术回归技术，愿意为其他朋友做出贡献的人定义为白帽子，你可以通过在WooYun注册提交漏洞来成为白帽子中的一员</p>
 75 | 		</div>
 76 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 77 | <input type="hidden" id="token" style="display:none" value="" />
 78 | <div class="wybug_date" style="padding:0 30px 0 30px;">
 79 | <ul style="font-size:14px;list-style:none;line-height:20px;">
 80 | <li style="width:19.3%;height:20px;background-color:#E0E0E0;float:left" >注册日期</li>
 81 | <li style="width:50%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >昵称</li> 
 82 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.2%" >提交漏洞数</li> 
 83 | <li style="width:15%;height:20px;background-color:#E0E0E0;float:left;margin-left:0.3%" >Rank值</li> 
 84 | </ul>
 85 | <?php    $num = "60"; //每页显示30条
 86 | 		@$page=isset($_GET['page'])?intval($_GET['page']):1;				
 87 | 		$total="9245"; //查询数据的总数total
 88 |         @$pagenum=ceil($total/$num);
 89 | 		if($page>$pagenum || $page == 0){
 90 |            exit;
 91 |         } 
 92 |   @$offset=($page-1)*$num;
 93 |   @$result_join_desc = mysql_query("select * from whitehats order by join_date asc limit $offset,30");
 94 |   while(@$row = mysql_fetch_array($result_join_desc)){
 95 | 	 echo '<ul style="font-size:12px;list-style:none;line-height:25px;">';
 96 | 	 echo '<li  style="width:20%;height:25px;background-color:#FFFFFF;float:left" >'.$row['join_date'].'</li>';
 97 | 	 echo '<li  style="width:50%;height:25px;background-color:#FFFFFF;float:left" ><a href="whitehat_detail.php?whitehat='.$row['whitehat'].'">'.$row['whitehat'].'</a></li>';
 98 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.$row['bug_count'].'</li>';
 99 | 	 echo '<li  style="width:15%;height:25px;background-color:#FFFFFF;float:left" >'.$row['Ranks'].'</li>';
100 | 	 echo '</ul>';
101 |  }
102 | 
103 | ?>
104 | 
105 | </div>
106 | <!--显示分页-start-->
107 | <div  style="float:right;padding:10px 30px 0 0"><?php 
108 | @$page = $_GET['page']?$_GET['page']:1;//当前页数，默认是1
109 | if($page==1){
110 | 	$prepage=1;
111 | }else{
112 | 	$prepage=$page-1;
113 | }
114 | if($page==$pagenum){
115 | 	$nextpage=$pagenum;
116 | }else{
117 | 	$nextpage=$page+1;
118 | }
119 | echo '<center> 共 9245 条记录';
120 | echo '，155 页 ';
121 | echo '<a href="whitehats.php?page=1">首页</a>|';
122 | echo '<a href="whitehats.php?page='.$prepage.'">上一页</a>|';
123 | echo '<a href="whitehats.php?page='.$nextpage.'">下一页</a>|';
124 | echo '<a href="whitehats.php?page='.$pagenum.'">末页</a></center>';
125 | 
126 | 
127 | ?>
128 | </div>
129 | <!--显示分页-end-->
130 | 
131 | 
132 | </div>
133 | <!--content-end-->
134 | </div>
135 | 	<div style="padding:110px 0 0 0;">
136 |         <span class="copyright fleft">
137 |     		Copyright &copy; 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
138 |     		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
139 |     	</span>
140 |         <span class="other fright" style="padding:20px 0 0 0">
141 |                         <a>行业观点</a>
142 |             · <a>法律顾问</a>
143 |             · <a href="contact.php">联系我们</a>
144 |             · <a href="help.php">帮助</a>
145 |             · <a href="about.php">关于</a>
146 |         </span>
147 |     </div>
148 | <?php  mysql_close($conn);?>
149 | </body>
150 | </html>


--------------------------------------------------------------------------------