php curl 仿冒

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
2016-06-13 12:09:021250Durchsuche

php curl 伪造
http://www.yygh.net/index.php

直接表格提交,一直提示账号不存在。应该后台需要验证。


我想伪造Origin的来源。不知道这么设置origin的来源

$ch = curl_init(); //初始化
$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = 'actionpost=login&logintype=0&cardtype=1&userid=34262619702200379&pwd=123qwe&validate=cndm&imagesField.x=32&imageField.y=11';
curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields); 

curl_setopt($ch, 这里);
        
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
curl_setopt($ch, CURLOPT_URL, $this->url);


curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出

 $this->content=curl_exec($ch);
 curl_close($ch);
------解决思路----------------------

<?php<br />$cookie_file = dirname(__FILE__).'/cookie.txt';<br /><br />if(isset($_GET['verification'])) {<br />  $url = 'http://www.yygh.net/include/validateimg.php?' . rand();<br />  $ch = curl_init(); //初始化       <br />  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); <br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_exec($ch);<br />  curl_close($ch);<br />  exit;<br />}<br />if(! $_POST) {<br />  $url = "http://www.yygh.net/usercenter/userinfo_action.php";<br />  $ch = curl_init(); //初始化       <br />  curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookie_file); //存储cookies<br />  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0<br />  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '<br />  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名<br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出<br />  $content = curl_exec($ch);<br />  curl_close($ch);<br />echo <<< HTML<br /><form method=post><br /><img  src='?verification=1' alt="php curl 仿冒" ><br /><input type=text name=code><br /><input type=submit value=ok><br /></form><br />HTML;<br />  exit;<br />}else {<br />  $ch = curl_init(); //初始化       <br />  $url = "http://www.yygh.net/usercenter/userinfo_action.php";<br />  $fields = array(<br />    'actionpost' => 'login',<br />    'logintype' => 0,<br />    'cardtype' => 1,<br />    'userid' => '330724197712316212',<br />    'pwd' => '123qwe',<br />    'validate' => $_POST['code'],<br />    //cndm&imagesField.x=32&imageField.y=11';<br />  );<br />  curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式<br />  curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); <br />  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); //使用上面获取的cookies<br />  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0<br />  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '<br />  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名<br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出<br />  $content = curl_exec($ch);<br />  curl_close($ch);<br />  echo $content;  <br />}<br />

请核实用户信息的正确性

Stellungnahme:
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn