Merge pull request #124 from LoRexxar/develop

update 2.1.0.1
LoRexxar · Jan 14, 2021 · c24c6e8 · c24c6e8
2 parents ef053c8 + 2bd8454
commit c24c6e8
Show file tree

Hide file tree

Showing 19 changed files with 5,698 additions and 280 deletions.
diff --git a/Kunlun_M/settings.py.bak b/Kunlun_M/settings.py.bak
@@ -24,9 +24,9 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 SECRET_KEY = 'nothing'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
+DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ["*"]
 
 
 # Application definition

diff --git a/Kunlun_M/urls.py b/Kunlun_M/urls.py
@@ -25,4 +25,4 @@
     path('', include('web.index.urls')),
     path('dashboard/', include('web.dashboard.urls')),
     path('backend/', include('web.backend.urls')),
-] + static(settings.STATIC_URL,document_root=settings.STATICFILES_DIRS)
+] + static(settings.STATIC_URL,document_root=settings.STATICFILES_DIRS[0])
diff --git a/README.md b/README.md
@@ -228,6 +228,8 @@ python3 .\kunlun.py web 9999
 
 一个自动化寻找php反序列化链的简单模型
 
+** 如果是旧版本更新并使用该插件扫描同一目标，请使用-r参数renew数据库 **
+
 ```
 python3 .\kunlun.py plugin php_unserialize_chain_tools -t {target_path}
 ```
@@ -284,3 +286,4 @@ KunLun-M 是 404Team [星链计划](https://github.com/knownsec/404StarLink-Proj
 - Dubhe [Sissel](https://github.com/boke1208)
 - Dubhe [Sndav](https://github.com/Sndav)
 - [#jax777](https://github.com/jax777)
+- [akkuman](https://github.com/akkuman)
diff --git a/core/core_engine/php/parser.py b/core/core_engine/php/parser.py
@@ -860,6 +860,9 @@ def parameters_back(param, nodes, function_params=None, lineno=0,
                 if param_name in param_expr:
                     logger.debug("[AST] param {} in list {}, continue...".format(param_name, param_expr))
 
+                    is_co = 3
+                    cp = param
+
                 else:
                     for expr in param_expr:
                         param = expr
@@ -887,7 +890,7 @@ def parameters_back(param, nodes, function_params=None, lineno=0,
                             break
                         else:
                             file_path = os.path.normpath(file_path)
-                            code = "param {} find fail.continue".format(param)
+                            code = "param {} find fail. continue".format(param)
                             scan_chain.append(('FindEnd', code, file_path, node.lineno))
 
                             logger.debug("[AST] Uncontrollable  Param {}. continue ast.")

diff --git a/core/plugins/phpunserializechain/dataflowgenerate.py b/core/plugins/phpunserializechain/dataflowgenerate.py