Commit
0 parents
commit ab81542
Showing
34 changed files
with
1,852 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
src/config.php |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
<?php $title = '關於本服務'; | ||
require 'src/header.php'; | ||
require 'src/common.php'; | ||
?> | ||
|
||
<header class="ts borderless extra padded massive center aligned fluid jumbotron"> | ||
<h1 class="ts header"><?=$title?></h1> | ||
</header> | ||
|
||
<section class="ts narrow container"> | ||
<h3 class="ts left aligned header">服務內容</h3> | ||
<div class="ts very padded segment"> | ||
<p>本產品提供台灣(中華民國)之個資外洩事件查詢以及個資外洩追蹤服務。</p> | ||
</div> | ||
</section> | ||
|
||
<section class="ts narrow container"> | ||
<h3 class="ts left aligned header">開發動機</h3> | ||
<div class="ts very padded segment"> | ||
<p>本作品為教育部資訊安全人才培育計畫 108年度新型態資安暑期課程 AIS3 2019 資安實務專題競賽之產物。</p> | ||
<p>主要想法構思來自 Have I Been Pwned 以及 Experian IdentityWorks 兩個網站。</p> | ||
</div> | ||
</section> | ||
|
||
<section class="ts narrow container" style="padding-bottom: 60px;"> | ||
<h3 class="ts left aligned header">技術細節</h3> | ||
<div class="ts very padded segment"> | ||
<p>根據<a href="https://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=I0050021">台灣個資法</a>規定之個資搜集方法過於複雜,故使用 SHA-1 雜湊函數將姓名以及身分證字號去識別化後回傳主機,同時也可避免開發者偷偷搜集使用者個資,增加使用者信任度。</p> | ||
</div> | ||
</section> | ||
|
||
<?php require 'src/footer.php'; ?> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<?php | ||
require_once '../src/common.php'; | ||
$res = []; | ||
if(is_sha1($_GET['hash'])){ | ||
$res = search($_GET['hash']); | ||
}else{ | ||
$res['status'] = '1'; | ||
$res['error'] = 'Field Error'; | ||
} | ||
|
||
echo json_encode($res); |
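Review bot: `$_GET['hash']` is read without checking that the parameter is present or that it is a string, so a request with no `hash` (or with `hash[]=`) raises a notice and passes a non-string to `is_sha1()`, whose handling of that case is not visible in this hunk. Read it defensively, e.g. `$hash = $_GET['hash'] ?? '';` followed by `if (is_string($hash) && is_sha1($hash)) {`. The body is JSON but no content type is declared, so add `header('Content-Type: application/json; charset=utf-8');` before the `echo`. Because this endpoint answers whether a given hash appears in breach data, it should also sit behind per-client rate limiting, which nothing in this file provides.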
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
<?php | ||
require_once '../src/common.php'; | ||
$res = []; | ||
|
||
$res['status'] = 0; | ||
if(!is_sha1($_GET['hash'])){ | ||
$res['status'] = '1'; | ||
$res['error'] = '雜湊值格式錯誤'; | ||
} | ||
|
||
if(!filter_var($_GET['email'], FILTER_VALIDATE_EMAIL)){ | ||
$res['status'] = '1'; | ||
$res['error'] = 'E-mail 格式錯誤'; | ||
} | ||
|
||
if($res['status'] != '1'){ | ||
$res = subscribe($_GET['name'], $_GET['email'], $_GET['hash']); | ||
} | ||
|
||
echo json_encode($res); |
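Review bot: The subscription is created from a GET request that carries `name` and `email` in the query string, so both end up in access logs, browser history and Referer headers, and any link or prefetch can trigger the write. Accept only POST, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }`, and read the fields from `$_POST`. `$_GET['name']` reaches `subscribe()` with no validation at all while `hash` and `email` are checked; whether `subscribe()` escapes or bounds it is not visible in this hunk. Sending the plain name next to a hash of name plus ID number also weakens the de-identification the about page describes, since one of the two hashed inputs is then known to the server, so consider dropping `name` or documenting why it is required.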
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
<?php include 'src/config.php'; ?> | ||
<!DOCTYPE HTML> | ||
<html> | ||
<head> | ||
<title>台灣抓漏小天使</title> | ||
<meta charset="utf-8"> | ||
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css"> | ||
<link href="//fonts.googleapis.com/earlyaccess/notosanstc.css" rel="stylesheet" type="text/css"> | ||
<link rel="stylesheet" type="text/css" href="styles/tocas.css"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
<?php include 'src/og.php'; ?> | ||
<style> | ||
html, body | ||
{ | ||
height: 100%; | ||
width: 100%; | ||
} | ||
p | ||
{ | ||
/*font-family: Hacked;*/ | ||
font-size: 2em !important; | ||
padding-top: 7px; | ||
} | ||
.mobile p | ||
{ | ||
font-size: 1em !important; | ||
} | ||
h1 | ||
{ | ||
/*font-family: Hacked;*/ | ||
font-size: 5em !important; | ||
letter-spacing: 1px; | ||
} | ||
.mobile h1 | ||
{ | ||
font-size: 2em !important; | ||
} | ||
/* | ||
@font-face { | ||
font-family: Hacked; | ||
src: url(https://hackedfont.com/HACKED.ttf); | ||
} | ||
*/ | ||
</style> | ||
</head> | ||
<body style="background-image: url('images/main.jpg'); background-size: cover; background-repeat: no-repeat; background-position: center center"> | ||
<div style="position: absolute; width: 100%; height: 100%; background: radial-gradient(ellipse at center, rgba(0,0,0,0.50) 0%,rgba(0,0,0,0.65) 100%); display: flex; align-items: center; | ||
justify-content: center;flex-direction: column;text-align: center;"> | ||
|
||
<div class="large device only"> | ||
<h1 class="ts center aligned inverted header"> | ||
台灣抓漏小天使 | ||
<div class="sub header"> | ||
<p>個資外洩追蹤系統</p> | ||
</div> | ||
</h1> | ||
|
||
<br> | ||
<a href="search.php" class="ts inverted medium basic button">開始使用</a> | ||
<a href="about.php" class="ts inverted medium basic button">關於本服務</a> | ||
</div> | ||
|
||
<div class="mobile only"> | ||
<h1 class="ts center aligned inverted header mobile"> | ||
台灣抓漏小天使 | ||
<div class="sub header"> | ||
<p class="mobile">個資外洩追蹤系統</p> | ||
</div> | ||
</h3> | ||
|
||
<a href="search.php" class="ts inverted small basic button">開始使用</a> | ||
</div> | ||
|
||
</div> | ||
|
||
</body> | ||
</html> |
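Review bot: The two third-party stylesheets in `<head>` are loaded with scheme-relative URLs (`//maxcdn.bootstrapcdn.com/...`, `//fonts.googleapis.com/...`) and without Subresource Integrity, so the page trusts whatever those hosts return and uses plain HTTP whenever the page itself is served that way. Pin the scheme and add an integrity attribute to the versioned file, e.g. `<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css" integrity="sha384-<HASH_OF_FILE>" crossorigin="anonymous">`, or self-host it next to `styles/tocas.css`. Separately, the mobile heading opens with `<h1 ...>` and is closed with `</h3>`; that should be `</h1>`.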
Large diffs are not rendered by default.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
User-agent: * | ||
Disallow: /verify.php | ||
Disallow: /src | ||
Disallow: /api |
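Review bot: `Disallow: /src` and `Disallow: /api` only ask well-behaved crawlers to stay away; they do not block requests, and they publish the paths to anyone who reads this file. Going by the `require`/`include` lines elsewhere in this commit, `src/` holds `config.php` and `common.php`, so it should be denied by the web server or moved outside the document root; whether that is already done is not visible here. I would add a comment above the rules such as `# advisory only - /src must also be denied in the server configuration`.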
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
<?php $title = '搜尋洩漏紀錄'; | ||
require 'src/header.php'; | ||
require 'src/common.php'; | ||
?> | ||
|
||
|
||
<header class="ts borderless extra padded massive center aligned fluid jumbotron"> | ||
<h1 class="ts header"><?=$title?></h1> | ||
</header> | ||
|
||
<section class="ts narrow container"> | ||
<h3 class="ts left aligned header">搜尋表單</h3> | ||
<p>輸入姓名及身分證字號,網頁會將去識別化的運算結果回傳,不會將資料本身傳送給我們。<br>還是不放心嗎?<a href="search_step.php">這裡有分次操作的版本</a></p> | ||
<div class="ts negative message" id="missingkeyword1" style="display: none;"> | ||
<div class="header">缺少姓名</div> | ||
<p>請輸入姓名</p> | ||
</div> | ||
<div class="ts negative message" id="missingkeyword2" style="display: none;"> | ||
<div class="header">缺少身分證字號</div> | ||
<p>請輸入身分證字號</p> | ||
</div> | ||
<div class="ts negative message" id="breach" style="display: none;"> | ||
<div class="header">真是太糟糕了</div> | ||
<p>發現個資洩漏情形<br> | ||
已發現項目:<ul id="breach_list"></ul></p> | ||
</div> | ||
<div class="ts positive message" id="nobreach" style="display: none;"> | ||
<div class="header">搜索完畢</div> | ||
<p>您的個資目前未在大規模洩漏中找到,不過可能只是未被本網站發現<br>再接再厲,繼續保持。</p> | ||
</div> | ||
<div class="ts very padded segment"> | ||
<form class="ts form" action="javascript:one_step(this)"> | ||
<div class="two fields"> | ||
<div class="field"> | ||
<label>姓名<span style="color:red;">*</span></label> | ||
<input id="fullname"></input> | ||
</div> | ||
<div class="field"> | ||
<label>身分證字號<span style="color:red;">*</span></label> | ||
<input id="nid"></input> | ||
</div> | ||
</div> | ||
<button class="ts primary button" type="submit" id="search">搜尋</button> | ||
</form> | ||
</div> | ||
<script> | ||
let pre_defined_items = {'fb_id': 'Facebook ID', 'birth': '生日', 'address': '地址', 'phone': '電話', 'email': 'E-mail', 'name': '姓名', 'social_id': '身分證字號'}; | ||
function one_step(form){ | ||
$('#missingkeyword1').hide(); | ||
$('#missingkeyword2').hide(); | ||
if (form.fullname.value == ''){ | ||
$('#missingkeyword1').show(); | ||
}else if (form.nid.value == ''){ | ||
$('#missingkeyword2').show(); | ||
}else{ | ||
search(sha1(form.fullname.value+form.nid.value)); | ||
} | ||
return 0; | ||
} | ||
function search(hash){ | ||
$('#nobreach').hide(); | ||
$('#breach').hide(); | ||
$('#search').attr('disabled', true); | ||
$.getJSON('/api/search.php?hash=' + hash, function(res){ | ||
$('#search').attr('disabled', false); | ||
if (res.status == 0){ | ||
if (res.result.fields.length > 0){ | ||
$('#breach_list').innerHTML = ''; | ||
for (item of res.result.fields){ | ||
$('#breach_list').append('<li>' + pre_defined_items[item] + '</li>'); | ||
} | ||
$('#breach').show(); | ||
}else{ | ||
$('#nobreach').show(); | ||
} | ||
} | ||
}); | ||
} | ||
</script> | ||
</section> | ||
|
||
<?php require 'src/footer.php'; ?> |
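Review bot: `sha1(form.fullname.value+form.nid.value)` in `one_step()` is an unsalted fast hash over a name plus a national ID number, which has a short fixed format, so the value sent to `/api/search.php` is a stable pseudonym rather than de-identified data, and the wording above the form and on the about page promises more than this provides. The same construction appears in `gen_sha1()` on the step-by-step page. A range-query design in the style of Have I Been Pwned, which the about page cites, would limit what the server learns by sending only a short hash prefix and comparing the returned candidates in the browser; that needs an API change outside this file. At minimum, reword the claim and add a comment at the call such as `// NOTE: unsalted SHA-1 of low-entropy input is pseudonymous, not anonymous`. The two inputs are also concatenated with no separator, so different name/ID splits can produce the same hash.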
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
<?php $title = '搜尋洩漏紀錄'; | ||
require 'src/header.php'; | ||
require 'src/common.php'; | ||
?> | ||
|
||
|
||
<header class="ts borderless extra padded massive center aligned fluid jumbotron"> | ||
<h1 class="ts header"><?=$title?></h1> | ||
</header> | ||
|
||
<section class="ts narrow container"> | ||
<h3 class="ts left aligned header">雜湊產生器</h3> | ||
<p>此方法可避免將個人資料直接回傳給我們<br>產生後請貼上到下方表單進行追蹤或搜尋<br>雜湊值產生方法為:<code>sha1(姓名+身分證)</code></p> | ||
<div class="ts negative message" id="missingkeyword1" style="display: none;"> | ||
<div class="header">缺少姓名</div> | ||
<p>請輸入姓名</p> | ||
</div> | ||
<div class="ts negative message" id="missingkeyword2" style="display: none;"> | ||
<div class="header">缺少身分證字號</div> | ||
<p>請輸入身分證字號</p> | ||
</div> | ||
<div class="ts positive message" id="hash_res" style="display: none;"> | ||
<div class="header">雜湊代碼</div> | ||
<p id="real_res"></p> | ||
</div> | ||
<div class="ts very padded segment"> | ||
<form class="ts form" action="javascript:gen_sha1(this)"> | ||
<div class="two fields"> | ||
<div class="field"> | ||
<label>姓名<span style="color:red;">*</span></label> | ||
<input id="fullname"></input> | ||
</div> | ||
<div class="field"> | ||
<label>身分證字號<span style="color:red;">*</span></label> | ||
<input id="nid"></input> | ||
</div> | ||
</div> | ||
<button class="ts primary button" type="submit">產生</button> | ||
</form> | ||
</div> | ||
<script> | ||
function gen_sha1(form){ | ||
$('#hash_res').hide(); | ||
if (form.fullname.value == ''){ | ||
$('#missingkeyword1').show(); | ||
}else if (form.nid.value == ''){ | ||
$('#missingkeyword2').show(); | ||
}else{ | ||
$('#real_res').text(sha1(form.fullname.value+form.nid.value)); | ||
$('#hash_res').show(); | ||
} | ||
return 0; | ||
} | ||
</script> | ||
</section> | ||
<section class="ts narrow container"> | ||
<h3 class="ts left aligned header">搜尋表單</h3> | ||
<p>產生後請貼上到下方表單進行追蹤或搜尋</p> | ||
<div class="ts negative message" id="missingkeyword3" style="display: none;"> | ||
<div class="header">缺少雜湊值</div> | ||
<p>請輸入雜湊代碼</p> | ||
</div> | ||
<div class="ts negative message" id="missingkeyword4" style="display: none;"> | ||
<div class="header">輸入錯誤</div> | ||
<p>雜湊代碼格式錯誤</p> | ||
</div> | ||
<div class="ts negative message" id="breach" style="display: none;"> | ||
<div class="header">真是太糟糕了</div> | ||
<p>發現個資洩漏情形<br> | ||
已發現項目:<ul id="breach_list"></ul></p> | ||
</div> | ||
<div class="ts positive message" id="nobreach" style="display: none;"> | ||
<div class="header">搜索完畢</div> | ||
<p>您的個資目前未在大規模洩漏中找到,不過可能只是未被本網站發現<br>再接再厲,繼續保持。</p> | ||
</div> | ||
<div class="ts very padded segment"> | ||
<form class="ts form" action="javascript:search(this)"> | ||
<div class="one fields"> | ||
<div class="field"> | ||
<label>雜湊代碼<span style="color:red;">*</span></label> | ||
<input id="hash" maxlength="40"></input> | ||
</div> | ||
</div> | ||
<button class="ts primary button" type="submit" id="search">搜尋</button> | ||
</form> | ||
</div> | ||
<script> | ||
let pre_defined_items = {'fb_id': 'Facebook ID', 'birth': '生日', 'address': '地址', 'phone': '電話', 'email': 'E-mail', 'name': '姓名', 'social_id': '身分證字號'}; | ||
function search(form){ | ||
$('#nobreach').hide(); | ||
$('#breach').hide(); | ||
$('#missingkeyword3').hide(); | ||
$('#missingkeyword4').hide(); | ||
$('#search').attr('disabled', true); | ||
$.getJSON('/api/search.php?hash=' + form.hash.value, function(res){ | ||
$('#search').attr('disabled', false); | ||
if (res.status == 0){ | ||
if (res.result.fields.length > 0){ | ||
$('#breach_list').innerHTML = ''; | ||
for (item of res.result.fields){ | ||
$('#breach_list').append('<li>' + pre_defined_items[item] + '</li>'); | ||
} | ||
$('#breach').show(); | ||
}else{ | ||
$('#nobreach').show(); | ||
} | ||
} | ||
}); | ||
} | ||
</script> | ||
</section> | ||
|
||
<?php require 'src/footer.php'; ?> |
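Review bot: `$('#breach_list').innerHTML = ''` in `search()` sets a property on the jQuery wrapper rather than on the element, so the list is never cleared and a second search appends to the previous results; use `$('#breach_list').empty();` (the same line is in the one-step search page). `form.hash.value` is concatenated into the URL unvalidated and unencoded, and the `missingkeyword3`/`missingkeyword4` messages defined above are never shown; check the value against `/^[0-9a-f]{40}$/i` first and pass it as `$.getJSON('/api/search.php', {hash: value}, ...)`. There is no `.fail()` handler and no branch for a non-zero `res.status`, so a failed request leaves the button disabled and a rejected hash gives the user no feedback. `for (item of ...)` also creates an implicit global; declare the loop variable with `const`.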
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
|
||
<?xml version="1.0" encoding="UTF-8"?> | ||
<urlset | ||
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 | ||
http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"> | ||
<!-- created with Free Online Sitemap Generator www.xml-sitemaps.com --> | ||
|
||
|
||
<url> | ||
<loc>https://breach.tw/</loc> | ||
<lastmod>2019-08-01T17:54:08+00:00</lastmod> | ||
<priority>1.00</priority> | ||
</url> | ||
<url> | ||
<loc>https://breach.tw/search.php</loc> | ||
<lastmod>2019-08-01T17:54:08+00:00</lastmod> | ||
<priority>0.80</priority> | ||
</url> | ||
<url> | ||
<loc>https://breach.tw/about.php</loc> | ||
<lastmod>2019-08-01T17:54:08+00:00</lastmod> | ||
<priority>0.80</priority> | ||
</url> | ||
<url> | ||
<loc>https://breach.tw/index.php</loc> | ||
<lastmod>2019-08-01T17:54:08+00:00</lastmod> | ||
<priority>0.64</priority> | ||
</url> | ||
<url> | ||
<loc>https://breach.tw/subscribe.php</loc> | ||
<lastmod>2019-08-01T17:54:08+00:00</lastmod> | ||
<priority>0.64</priority> | ||
</url> | ||
<url> | ||
<loc>https://breach.tw/search_step.php</loc> | ||
<lastmod>2019-08-01T17:54:08+00:00</lastmod> | ||
<priority>0.64</priority> | ||
</url> | ||
|
||
|
||
</urlset> |