search

Arachni / arachni

Web Application Security Scanner Framework
http://www.arachni-scanner.com
Other
3.78k stars 764 forks source link

arachni scan this js file and stop #968

Open willisfeng opened 6 years ago

willisfeng commented 6 years ago 
C:\arachni\bin>arachni   http://192.168.2.54/jjsloginstatic
/js/common/comm_workname.js
Arachni - Web Application Security Scanner Framework v1.5.1
   Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki

 [~] No checks were specified, loading all.
 [~] No element audit options were specified, will audit links, forms, cookies,
UI inputs, UI forms, JSONs and XMLs.

 [*] Initializing...
 [*] Preparing plugins...
 [*] ... done.
 [*] BrowserCluster: Initializing 6 browsers...
 [*] BrowserCluster: Spawned #1 with PID 7708 [lifeline at PID 7848].
 [*] BrowserCluster: Spawned #2 with PID 6992 [lifeline at PID 6316].
 [*] BrowserCluster: Spawned #3 with PID 5884 [lifeline at PID 7124].
 [*] BrowserCluster: Spawned #4 with PID 480 [lifeline at PID 7568].
 [*] BrowserCluster: Spawned #5 with PID 580 [lifeline at PID 6720].
 [*] BrowserCluster: Spawned #6 with PID 7060 [lifeline at PID 7192].
 [*] BrowserCluster: Initialization completed with 6 browsers in the pool.

 [*] [HTTP: 200] http://192.168.2.54/jjsloginstatic/js/common/comm_workname.js
 [~] Identified as: nginx

comm_workname.js  code:
var select_styles = '<style type="text/css">.ui-autocomplete{background:#fff;border:1px solid #7f9db9;position:absolute;z-index:99999;top:21px;left:1px;max-height:150px;overflow-y:auto;overflow-x:hidden;display:none}.ui-autocomplete a{display:block;padding:0 5px;width:100%;height:22px;line-height:22px;overflow:hidden;text-indent:5px;color:#333}.ui-autocomplete div{color:#f00;height:22px;line-height:22px;text-align:center;}.ui-autocomplete a:hover{background:#f0f0f0}.ui-autocomplete a.getaway,.ui-autocomplete a.getaway:hover{color:#f00;}</style>';
jQuery('head').append(select_styles);
//jQuery.getScript("/js/common/jquery-autocom.min.js");
//2013-11-19 14:50:09 罗铭豪野修改的 
jQuery.ajax({
    url: "/js/common/jquery-autocom.min.js",
    dataType: "script",
    async:false
});
function getWorkName(options){
    options = options || {};
    var dateType = {
        1:"/jjslogin/workersearch",
        2:"/v/deptworker/ajaxgetworkershang",
        3:"/v/deptworker/ajaxGetManager2",
        4:"/v/deptworker/ajaxGetManager3"
    };
    var _thisId = jQuery('#'+options.thisId+''),
    noData = {value: "没有数据"},
    htmls='',wrap = jQuery('<div class="workname-select"></div>'),
    valiBorwser = true,
    href = window.location.host.indexOf('i.jjshome.com') > -1,
    ifok =  valiBorwser || !href || !options.login;
    _thisId.keyup(function(e){
        var key = e.keyCode;
        if(key == 8){
            options.deptId ? jQuery('#'+options.deptId+'').val("") : null;
            options.deptName ? jQuery('#'+options.deptName+'').val("") : null;
            options.deptNumber ? jQuery('#'+options.deptNumber + '').val(""):null;
            jQuery('#'+options.workerId+'').val("")
            jQuery(".ui-autocomplete").hide();
        }
    });
    if(ifok){
        _thisId.autocomplete({
            source: function(request,response) {
                jQuery.ajax({
                    type: "POST",
                    url: dateType[options.dateType],
                    dataType:'json',
                    data:options.searchKey!='undefined'? {workerStr: jQuery.trim(_thisId.val()),searchType:3,searchKey:options.searchKey,type:options.includeLz,companyId:options.companyId}:{workerStr:jQuery.trim(_thisId.val()),type:options.includeLz,companyId:options.companyId},
                    success: function(data) {
                        if(data.workerArr && data.workerArr.length>0){
                            response( jQuery.map(data.workerArr,function(item ){
                                if(!options.login){
                                    return {
                                        value: item.workerName,
                                        label: item.workerName,
                                        workerId : item.workerId,
                                        deptName : item.deptName,
                                        deptId : item.deptId,
                                        id :item.id,
                                        status:item.workerStatus,
                                        deptNumber:item.deptNumber
                                    }
                                }else{
                                    return {
                                        value: ''+item.deptName+'--'+item.workerName+'',
                                        label: item.workerName,
                                        workerId : item.workerId,
                                        deptName : item.deptName,
                                        deptId : item.deptId,
                                        id :item.id,
                                        deptNumber:item.deptNumber
                                    }
                                }
                            }));
                        }else{
                            response( jQuery.map(noData,function(item ){
                                return {
                                    value: item
                                }
                            }));

                        }
                    }
                });
            },
            minLength:1,
            select: function( event, ui ){
                if(options.callback){
                    options.callback(ui.item);
                    return false;
                }
                else if(ui.item.value == noData.value){
                    return false;
                }else{
                    var workerId;
                    options.login ? workerId = ui.item.id : workerId = ui.item.workerId;
                    options.workerId ? jQuery("#"+options.workerId+"").val(workerId).triggerHandler('change'):null;
                    options.deptName ? jQuery("#"+options.deptName+"").val(ui.item.deptName):null;
                    options.deptId ? jQuery("#"+options.deptId+"").val(ui.item.deptId):null;
                    options.deptNumber ? jQuery("#"+options.deptNumber+"").val(ui.item.deptNumber):null;
                    if(jQuery("#password").length > 0){
                        jQuery("#password").focus();
                    } else {
                        jQuery("#"+options.thisId).blur();
                    }

                }
            }
        }).data("ui-autocomplete")._renderItem = function(ul, item){
            var e = jQuery("<li>"), deptName = item.deptName || '';
            var status = item.status || 1;
            if(options.login) {
               return e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>"),e.appendTo(ul);
            } else {
                if(status !=1 ) {
                    return e.append("<a href='javascript:;' class='getaway' title="+deptName+"--"+item.value+">"+deptName+"--"+ item.value + "</a>"),e.appendTo(ul)
                } else {
                    return e.append("<a href='javascript:;' title="+deptName+"--"+item.value+">"+deptName+"--"+ item.value + "</a>"),e.appendTo(ul)
                }

            }
            //return options.login ? e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>") : e.append("<a href='javascript:;' title="+deptName+"--"+item.value+">"+deptName+"--"+ item.value + "</a>"),e.appendTo(ul);
        };
    }else{
        _thisId.autocomplete({
            source: function(request,response) {
                jQuery.ajax({
                    type: "POST",
                    url: dateType[3],
                    dataType:'json',
                    data:{workerStr:jQuery.trim(_thisId.val())},
                    success: function(data) {
                        if(data.workerArr){
                            response( jQuery.map(data.workerArr,function(item ){
                                return {
                                    value: ''+item.deptName+'--'+item.workerName+'',
                                    label: item.workerName,
                                    id :item.id
                                }
                            }));
                        }else{
                            response( jQuery.map(noData,function(item ){
                                return {
                                    value: item
                                }
                            }));

                        }
                    }
                });
            },
            minLength:1,
            select: function( event, ui ){
                if(ui.item.value == noData.value){
                    return false;
                }else{
                    jQuery("#"+options.workerId+"").val(ui.item.id);
                }
                if(jQuery("#password").length > 0){
                    jQuery("#password").focus();
                }
            }
        }).data("ui-autocomplete")._renderItem = function(ul, item){
            var e = jQuery("<li>");
            return  e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>"),e.appendTo(ul);;
        };
    }
}

//检索部门
function getDeptName(options){
    options = options || {};
    var _thisId = jQuery('#'+options.thisId+''),
        noData = {value: "没有数据"},
        htmls='',wrap = jQuery('<div class="workname-select"></div>');
    _thisId.keyup(function(e){
        var key = e.keyCode;
        if(key == 8){
            options.deptId ? jQuery('#'+options.deptId+'').val("") : null;
            options.deptName ? jQuery('#'+options.deptName+'').val("") : null;
            jQuery('#'+options.workerId+'').val("")
            jQuery(".ui-autocomplete").hide();
        }
    });
    _thisId.autocomplete({
        source: function(request,response) {
            jQuery.ajax({
                type: "POST",
                url: "/v/deptworker/ajaxgetdept",
                dataType:'json',
                data:{deptStr:jQuery.trim(_thisId.val())},
                success: function(data) {
                    if(data.deptArr){
                        response( jQuery.map(data.deptArr,function(item ){
                            return {
                                value: item.deptName,
                                label: item.deptName,
                                deptId : item.olddeptId
                            }
                        }));
                    }else{
                        response( jQuery.map(noData,function(item ){
                            return {
                                value: item
                            }
                        }));

                    }
                }
            });
        },
        minLength:1,
        select: function( event, ui ){
            if(ui.item.value == noData.value){
                return false;
            }else{
                options.deptId ? jQuery("#"+options.deptId+"").val(ui.item.deptId):null;
                if(jQuery("#password").length > 0){
                    jQuery("#password").focus();
                }
            }
        }
    }).data("ui-autocomplete")._renderItem = function(ul, item){
        var e = jQuery("<li>"), deptName = item.deptName || '';
        if(options.login) {
            return e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>");
        } else {
            return e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>"), e.appendTo(ul);
        }
        // return options.login ? e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>") : e.append("<a href='javascript:;' title="+item.value+">"+ item.value + "</a>"),e.appendTo(ul);
    };
}
Zapotek commented 6 years ago

I don't think it has anything to do with that file, JS scripts as pages are just text, nothing to be done about them. Only when loaded as part of other pages from inside the browser are they treated as code.

Are you sure nothing else is going on somehow? Network issue or firewall or something?