[英]PHP passing input to encrypted php file (ioncube)
I have an encrypted (ioncube) PHP file which I cannot modify, because I don't have the original source. 我有一个加密的(ioncube)PHP文件,我无法修改,因为我没有原始来源。 I have to run that file in order to do stuff.
我必须运行该文件才能完成任务。 The input is in XML type post request.
输入采用XML类型的post请求。
I can use 我可以用
ob_start();
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();
to catch the output, but I don't know how to manipulate the input XML. 捕获输出,但我不知道如何操作输入XML。
I'm currently using CURL to do a localhost post 我目前正在使用CURL来做一个localhost帖子
private static function post($xml)
{
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => self::$site,
CURLOPT_PORT => 443,
CURLOPT_HTTPHEADER => array(
"Content-type: text/xml",
"Content-length: ".strlen($xml),
"Connection: close"),
CURLOPT_POSTFIELDS => $xml,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_FORBID_REUSE => 0,
CURLOPT_FRESH_CONNECT => 1
));
$data = curl_exec($ch);
if (curl_errno($ch))
$data = "ERROR:".curl_errno($ch);
curl_close($ch);
return $data;
}
This code works fine for a few connections, but when a large amount of user (between 100 and 500) tries to call this code the encrypted php starts returning wierd data (empty or non-XML return). 此代码适用于少数连接,但是当大量用户(100到500之间)尝试调用此代码时,加密的php开始返回奇怪的数据(空或非XML返回)。
So the question is: How can I fake a php://input stream while using ob_start? 所以问题是:在使用ob_start时如何伪造php://输入流? Or any other solution for calling ioncube php file without decrypting it?
或者任何其他解决方案调用ioncube php文件而不解密它?
Since you call the ioncube file via include
file like this: 由于您通过
include
文件调用ioncube文件,如下所示:
ob_start();
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();
You can simply force any $_POST
data which you need like this: 你可以简单地强制你需要的任何
$_POST
数据,如下所示:
ob_start();
$_POST['some_key1'] = 'some_value1';
$_POST['some_key2'] = 'some_value2';
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.