I have an encrypted (ioncube) PHP file which I cannot modify, because I don't have the original source. I have to run that file in order to do stuff. The input is in XML type post request.
I can use
ob_start();
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();
to catch the output, but I don't know how to manipulate the input XML.
I'm currently using CURL to do a localhost post
private static function post($xml)
{
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => self::$site,
CURLOPT_PORT => 443,
CURLOPT_HTTPHEADER => array(
"Content-type: text/xml",
"Content-length: ".strlen($xml),
"Connection: close"),
CURLOPT_POSTFIELDS => $xml,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_FORBID_REUSE => 0,
CURLOPT_FRESH_CONNECT => 1
));
$data = curl_exec($ch);
if (curl_errno($ch))
$data = "ERROR:".curl_errno($ch);
curl_close($ch);
return $data;
}
This code works fine for a few connections, but when a large amount of user (between 100 and 500) tries to call this code the encrypted php starts returning wierd data (empty or non-XML return).
So the question is: How can I fake a php://input stream while using ob_start? Or any other solution for calling ioncube php file without decrypting it?
Since you call the ioncube file via include
file like this:
ob_start();
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();
You can simply force any $_POST
data which you need like this:
ob_start();
$_POST['some_key1'] = 'some_value1';
$_POST['some_key2'] = 'some_value2';
include("encoded.php");
$output = ob_get_contents();
ob_end_clean();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.