XSS platform deployment document

Author: Str0ng team: www.anying.org reprinted, please note that violators must investigate
Original article: http://www.anying.org/thread-40882-1-1.html

QQ weibo: http://t.qq.com/F4ck_Str0ng

0x00 Preface
0x01 space class
0x02 VPS
0x03 SAE class

0x00 Preface


I haven't had much time to sort out and write these complicated things since I went to work. I think this article is available on the Internet and I copied it after testing it myself. Others are original, reprinted. Please keep the ID. Thank you very much. It is the smartest choice to use SAES like me, but if there is a domain name for which SAES are not filed, don't try to bind it. One is very slow, the second is that kidney beans consume a lot of resources. For example, if you have VPS, you can use VPS directly. Finally, let's talk about friends who use space. We are limited by space providers, so solve some problems by yourself, xsser. the source code of me has not been successfully implemented in the space, because it requires support for URL redirection... However, if you use space to build a project, we can talk about it. I hope you can give your comments or suggestions for this article. You can also share your experiences or experiences in setting up the XSS platform so that we can learn together.





0X01 space class

The program I use is as follows:

Xssing @ Yaseng


The spatial environment is 2k3 + iis6.0

Http://www.webweb.com/not just for advertising build testing

First, test the xssing Source Code address.
Http://code.google.com/p/xssing/

Some of the author's frequently asked questions have been clearly written.

 

First, go to \ xssing1.3 \ apps \ index \ action \ User. Action. php to modify the following items:


The Admin parameter can be customized, for example, to sb or you can leave the default value unchanged.


\ Xssing1.3 \ config \ mysql. php
Open edit and fill in the corresponding database information



\ Xssing1.3 \ uauc \ define. php


Modify your current URL

At this point, the modification part of the file is complete. Then, set \ xssing1.3 \ xing. SQL

Xing. SQL import database


Import the corresponding database name to the database
Then upload the modified xssing.

I have omitted the FTP part. This is too Nima to simply go to Baidu.


After the setup is successful, go to the registration address you just changed to get the registration code for registration.
Http: // your address //? M = user & a = get_incode & token = Your modified parameter & n = 10




Test successful

Inserted data





0X02, VPS

1) Apache bad environment

Xsser. me setup process:
1. First, set up the php environment. Here we use the wamp2.2 version to easily build the php environment.

2. Download The xsser. me source code and decompress it to the corresponding directory.
Here I copied only the "xssplatform" directory and renamed it "xss ".
Then, use phpMyAdmin to create a new database in mysql and import the "xssplatform. SQL" file in the directory to the database.


3. Click execute to view the created table.

4. Execute the following SQL statement and change it to your own domain name. Here I use the environment built on the local host. Therefore, the IP address "192.168.0.104" is used directly ".
"UPDATE oc_module SET code = REPLACE (code, 'HTTP: // xsser. me', 'HTTP: // 192.168.0.104/xss ')"


5. Repair the cong. php file under the directory of the website, and modify the following items based on the actual situation and comments.

6. Test the website and register a new account:

7. When you submit the old version for registration here, click submit for registration and the system will not respond. Check the source code and you will find that 'Type = "button" '. You must change it to "submit" to submit it. I have an old version, but I cannot change it. O (T Branch) o!

8. Find the directory shown below to find the file. Then, you can directly change the type to "submit ". Then, refresh the page to register. However, this file is a temporary file. This problem may occur when the file is regenerated, so you need to modify the type in the source file.
Directory of temporary files:









Directory of the source file:



9. Create a project and test it. Check whether the platform is set up.


10. When we want to use the following address for xss, We need to rewrite the url. You only need to create a ". htaccess" file under the website directory.


The file content is as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^ ([0-9a-zA-Z] {6}) $ index. php? Do = code & urlKey = $1
RewriteRule ^ do/auth/(\ w + ?) (/Domain/([\ w \.] + ?))? $ Index. php? Do = do & auth = $1 & domain = $3
RewriteRule ^ register /(.*?) $ Index. php? Do = register & key = $1
RewriteRule ^ register-validate /(.*?) $ Index. php? Do = register & act = validate & key = $1
RewriteRule ^ login $ index. php? Do = login
</IfModule>
11. Create an html file and access the html file in the browser. Test the file.



12. The test is successful. Next, you need to authorize yourself and then issue the invitation code. In the user table, set the value of adminLevel to 1. In phpmyadmin, double-click to modify it. Or execute an SQL statement.
"UPDATE 'xss'. 'Oc _ user' SET 'adminlevel' = '1' WHERE 'Oc _ user'. 'id' = 1 LIMIT 1 ;".

13. Then, modify the config. php file. After the configuration is registered, only registration is allowed. Then log on again.

14. Then access "http: // 192.168.0.104/xss/index. php? On the do = user & act = invite page, issue the invitation code.

The temporary file on this page is similar to the modification of the source file in the following two files.


15. If you enter the invitation code randomly, the following prompt will appear:

Use the correct invitation to register one:





2). IIS (this article is from 2cto)

Lmy shares the following issues and solutions during the setup process:
 
========================================================
Prelude:
 
1. Use the command to decompress xssplatform.zip, and then modify the database connection fields in config. php, including the user name, password, database name, access URL start and pseudo-static settings.
2. There is an xssplatform. SQL in the web root directory, import it to the database, and then import data. SQL (pay attention to the Order)
3. Go to the database and execute the statement to change the domain name to your own.
 
UPDATE oc_module SET
Code = REPLACE (code, 'HTTP: // xsser. me', 'HTTP: // yourdomain/xsser ')
I. When a user is registered at the beginning of the period, clicking [Submit for registration] does not respond. The solution is as follows: find register.html under the themes \ default \ templatesdirectory and modify <input id = "btnRegister" type = "button" onclick = "Register ()" value = "Submit Registration"/>
Change
 
<Input id = "btnRegister" type = "submit" onclick = "Register ()" value = "submit Registration"/>
========================================================== ============================
 
2: The next thing that hurts is the short link 404. I found a lot of rewrites in the community and did not test IIS successfully. I finally solved the problem.
 
The following conditions occur:
 
Http://XXXXX.XXX/Ft3Su0? 1371909034 connection 404
 
Http://xxxxx.XXX/index.php? Do = code & urlKey = Ft3Su0 is normal.
 
Solution:
 
1. Download ISAPI Rewrite3 full version
 
: Http://www.bkjia.com/soft/201307/40397.html
 
Install ISAPI_Rewrite3_0073.msi.
C: \ Program Files \ Helicon \ ISAPI_Rewrite3 (installed by default)
Copy ISAPI_Rewrite.dll in the rar package and ISAPI_RewriteSnapin.dll in the green folder in the package to overwrite the program directory (back up first ).
Remember to give the ISAPI_Rewrite3 software the read permission of the network service installation directory. The rar package contains the installation instructions.
 
After the operation, open Helicon Manager.exe and find your website. Then, click the edit button on the right and paste the following rules.
 
Rewrite Rules: RewriteEngine On
 

RewriteRule ^([0-9a-zA-Z]{6})$ /index.php?do=code&urlKey=$1 [L]  RewriteRule ^do/auth/(\w+?)(/domain/([\w\.]+?))?$  /index.php?do=do&auth=$1&domain=$3 [L]  RewriteRule ^register/(.*?)$ /index.php?do=register&key=$1 [L]  RewriteRule ^register-validate/(.*?)$ /index.php?do=register&act=validate&key=$1 [L]

 
Restart IIS.


0x03 SAE Sina cloud

The establishment of the SAE class @ miracle has encapsulated the code for us. You can apply for an SAE cloud, create a project, upload the code, and install it following the steps below.
Step 1: import the database file Step 2: Execute SQL to replace the xsser written in the database. me SQL: UPDATE oc_module SET code = REPLACE (code, 'HTTP: // xsser. me ', 'HTTP: // You know .sinaapp.com'); Step 3: Modify the email address and password in the configuration file, config. the last two to three rows of the PHP file .. Modify $ config ['urlroot'] For your domain name Step 4: Make sure you have initialized mysql and memcache on your sae. If you have any problems, please follow my microblog and @ Qi Ji 2010

Are you sure you have followed my weibo account? Then download and click
Download: click (installation steps are similar to config. php need to add database-related configuration, refer to the http://zone.wooyun.org/content/3897)
Download the BAE version: click (the installation steps are basically the same as those in config. php. You need to add database-related configurations and parameters related to sending emails at the end of init. php)
Access the whiteboard after BAE installation: I have hidden the default access. Please add/index. php? Do = login