看那个文件,重点在get(url)的函数中,百度查了一下,发现了有趣的知识,curl导致SSRF漏洞。然后复现一下这个漏洞。 漏洞代码如下: function curl($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); $re = curl_exec($ch); curl_close($ch);...
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $_GET['url']); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); ?> 测试漏洞: 在输入INFO后,获得输出,证明dict协议的可用性。 在这个环境中我还是无法直接写入?,我们可以利用编码,在这里我利用的是\x十六进制编码...
PHP $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $_GET['url']); #curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 0); #curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); curl_exec($ch); curl_close($ch); ?> 在PHPStu...
= "我要玩原神"$post.="m[]=".urlencode("100%") ."&m[]=".urlencode("love100%".md5("100%"));echo''.'URL: '.$challenge_url.$get.'';echo'POST Data: '.$post.'';$curl=curl_init();curl_setopt_array($curl, [ CURLOPT_URL =>$challenge_url.$get, CURLOPT_RETURNTRANSFER =>tru...
$curl = curl_init(); #curl_setopt( $curl, CURLOPT_PROXY, "127.0.0.1:8080" ); curl_setopt( $curl, CURLOPT_URL, $url ); curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true ); //普通数据 curl_setopt( $curl, CURLOPT_POSTFIELDS, http_build_query( $requestData ) ); ...
$ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', ...
<?php class UserInfo { public $name = ""; public $age = 0; public $blog = ""; public function __construct($name, $age, $blog) { $this->name = $name; $this->age = (int)$age; $this->blog = $blog; } function get($url) { $ch = curl_init(); curl_setopt($ch, CURLOP...
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $output = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); if($httpCode == 404) { return 404;
curl -O -L https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-5.9.8.tar.xz unxz linux-5.9.8.tar.xz tar -xf linux-5.9.8.tar 进入项目文件夹,进行 makefile 配置 cdlinux-5.9.8 make menuconfig 在其中勾选 Kernel hacking -> Compile-time checks and compiler options -> Compile the ...
\'0-9"`&$.,|^[{_zdxfegavpos\x7F]+/i',$_)||@strlen(count_chars(strtolower($_),3))>13||@strlen($_)>19){exit($secret);}else{$ch=curl_init();@curl_setopt($ch,CURLOPT_URL,str_repLace("int",":DD",str_repLace("%69%6e%74","XDDD",str_repLace("%2e%2e","Q___Q",...