php curl 仿冒

WBOY
WBOY원래의
2016-06-13 12:09:021193검색

php curl 伪造
http://www.yygh.net/index.php

直接表格提交,一直提示账号不存在。应该后台需要验证。


我想伪造Origin的来源。不知道这么设置origin的来源

$ch = curl_init(); //初始化
$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = 'actionpost=login&logintype=0&cardtype=1&userid=34262619702200379&pwd=123qwe&validate=cndm&imagesField.x=32&imageField.y=11';
curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields); 

curl_setopt($ch, 这里);
        
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
curl_setopt($ch, CURLOPT_URL, $this->url);


curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出

 $this->content=curl_exec($ch);
 curl_close($ch);
------解决思路----------------------

<?php<br />$cookie_file = dirname(__FILE__).'/cookie.txt';<br /><br />if(isset($_GET['verification'])) {<br />  $url = 'http://www.yygh.net/include/validateimg.php?' . rand();<br />  $ch = curl_init(); //初始化       <br />  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); <br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_exec($ch);<br />  curl_close($ch);<br />  exit;<br />}<br />if(! $_POST) {<br />  $url = "http://www.yygh.net/usercenter/userinfo_action.php";<br />  $ch = curl_init(); //初始化       <br />  curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookie_file); //存储cookies<br />  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0<br />  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '<br />  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名<br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出<br />  $content = curl_exec($ch);<br />  curl_close($ch);<br />echo <<< HTML<br /><form method=post><br /><img  src='?verification=1' alt="php curl 仿冒" ><br /><input type=text name=code><br /><input type=submit value=ok><br /></form><br />HTML;<br />  exit;<br />}else {<br />  $ch = curl_init(); //初始化       <br />  $url = "http://www.yygh.net/usercenter/userinfo_action.php";<br />  $fields = array(<br />    'actionpost' => 'login',<br />    'logintype' => 0,<br />    'cardtype' => 1,<br />    'userid' => '330724197712316212',<br />    'pwd' => '123qwe',<br />    'validate' => $_POST['code'],<br />    //cndm&imagesField.x=32&imageField.y=11';<br />  );<br />  curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式<br />  curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); <br />  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); //使用上面获取的cookies<br />  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0<br />  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '<br />  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名<br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出<br />  $content = curl_exec($ch);<br />  curl_close($ch);<br />  echo $content;  <br />}<br />

请核实用户信息的正确性

성명:
본 글의 내용은 네티즌들의 자발적인 기여로 작성되었으며, 저작권은 원저작자에게 있습니다. 본 사이트는 이에 상응하는 법적 책임을 지지 않습니다. 표절이나 침해가 의심되는 콘텐츠를 발견한 경우 admin@php.cn으로 문의하세요.