堆栈内存溢出
  简体   繁体   English

PHP将输入传递给加密的php文件(ioncube)

[英]PHP passing input to encrypted php file (ioncube)

 原文  2016-05-06 12:36:14       php

问题描述

I have an encrypted (ioncube) PHP file which I cannot modify, because I don't have the original source. 我有一个加密的(ioncube)PHP文件,我无法修改,因为我没有原始来源。 I have to run that file in order to do stuff. 我必须运行该文件才能完成任务。 The input is in XML type post request. 输入采用XML类型的post请求。

I can use 我可以用 

ob_start();
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();

to catch the output, but I don't know how to manipulate the input XML. 捕获输出,但我不知道如何操作输入XML。

I'm currently using CURL to do a localhost post 我目前正在使用CURL来做一个localhost帖子 

private static function post($xml)
{
    $ch = curl_init();

    curl_setopt_array($ch, array(
        CURLOPT_URL             => self::$site,
        CURLOPT_PORT            => 443,
        CURLOPT_HTTPHEADER      => array(
                                    "Content-type: text/xml",
                                    "Content-length: ".strlen($xml),
                                    "Connection: close"),
        CURLOPT_POSTFIELDS      => $xml,
        CURLOPT_POST            => true,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_HTTPAUTH        => CURLAUTH_BASIC,
        CURLOPT_TIMEOUT         => 10,
        CURLOPT_SSL_VERIFYPEER  => 0,
        CURLOPT_SSL_VERIFYHOST  => 0,
        CURLOPT_FORBID_REUSE    => 0,
        CURLOPT_FRESH_CONNECT   => 1
    ));

    $data = curl_exec($ch);

    if (curl_errno($ch))
        $data = "ERROR:".curl_errno($ch);

    curl_close($ch);

    return $data;
}

This code works fine for a few connections, but when a large amount of user (between 100 and 500) tries to call this code the encrypted php starts returning wierd data (empty or non-XML return). 此代码适用于少数连接,但是当大量用户(100到500之间)尝试调用此代码时,加密的php开始返回奇怪的数据(空或非XML返回)。

So the question is: How can I fake a php://input stream while using ob_start? 所以问题是:在使用ob_start时如何伪造php://输入流? Or any other solution for calling ioncube php file without decrypting it? 或者任何其他解决方案调用ioncube php文件而不解密它?

1 个解决方案

解决方案1
 0  2016-05-06 15:38:06

Since you call the ioncube file via include file like this: 由于您通过include文件调用ioncube文件,如下所示: 

ob_start();
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();

You can simply force any $_POST data which you need like this: 你可以简单地强制你需要的任何$_POST数据,如下所示: 

ob_start();
$_POST['some_key1'] = 'some_value1';
$_POST['some_key2'] = 'some_value2';
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ioncube-混淆php文件中的单个函数 - ioncube - obfuscate a single function inside php file ioncube“路径/到/file.php已损坏”错误 - ioncube “the path/to/file.php is corrupted” error PHP IonCube 加载器错误 - PHP IonCube Loader Error 查找IonCube PHP文件 - Find IonCube PHP files 如何通过PHP代码显示ioncube解码的php文件? - How to display ioncube decoded php-file through PHP code? PHP 5.5的Ioncube难度 - Ioncube difficulty with PHP 5.5 IonCube PHP编码器 - IonCube php encoder PHP通过参数传递加密密码 - PHP passing encrypted password by parameter {file}需要安装ionCube PHP Loader ioncube_loader_lin_5.5.so - {file} requires the ionCube PHP Loader ioncube_loader_lin_5.5.so to be installed 加密的PHP文件问题 - Encrypted PHP file issue
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM