PHP页面跳转与跨站提交伪造Referer地址来源
一、尝试过的URL跳转方法 ,代码如下:
echo '<meta http-equiv="refresh" content="0; URL=' . $url . '">' ; echo '<scrīpt language="Javascrīpt">window.location.href="' . $url . '";</scrīpt>' ; echo '<script language="Javascrīpt">window.location.replace="' . $url . '";</ script>' ;以上三种方法均无法传递REFERER地址.
二、使用PHP Socket函数伪造REFER
下面是PHP伪造REFERER代码部分,经过测试可以实现REFERER地址传递,其中$url是输入地址,代码如下:
$uinfo = parse_url ( $url ); //解析URL地址,比如http://phpfensi测试数据/archives/1.html if ( $uinfo [ 'path' ]) // $data = $uinfo [ 'path' ]; //这里得到/archives/1.html else $data = '/' ; //默认根 if (! $fsp = @ fsockopen ( $uinfo [ 'host' ], (( $uinfo [ 'port' ]) ? $uinfo [ 'port' ] : "80" ), $errno , $errstr , 12)){ echo "对不起对方网站暂时无法打开,请您稍后访问:" . $uinfo [ 'host' ]; exit ; } else { fputs ( $fsp , "GET [.$data .] HTTP/1.0rn" ); //如果是跨站POST提交,可使用POST方法 fputs ( $fsp , "Host: " . $uinfo [ 'host' ]. "rn" ); fputs ( $fsp , "Referer: phpfensi测试数据rn" ); //伪造REFERER地址 fputs ( $fsp , "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)rnrn" ); $res = '' ; while (! feof ( $fsp )) { $res .= fgets ( $fsp , 128); if ( strstr ( $res , "200 OK" )) { header( "Location:$url" ); exit ; } } } //如果是301或302状态码可以继续处理 //开源代码phpfensi测试数据 //返回地址大概形式:HTTP/1.1 301 Moved PermanentlynContent-Length: 164nContent-Type: text/htmlnLocation: http://phpfensi测试数据/ $arr = explode ( "n" , $res ); $arr = explode ( ": " , $arr [3]); //Location后面是真实重定向地址 header( "location:" . $arr [0]); //跳转目标地址 exit ;利用另一种方法 curl)伪造HTTP_REFERER,代码如下:
//PHP(前提是装了curl): $ch = curl_init(); curl_setopt ( $ch , CURLOPT_URL, "http://HdhCmsTestphpfensi测试数据/" ); curl_setopt ( $ch , CURLOPT_REFERER, "http://HdhCmsTestphpfensi测试数据/" ); curl_exec ( $ch ); curl_close ( $ch ); //PHP(不装curl用sock) $server = 'blog.qita.in' ; $host = 'blog.qita.in' ; $target = '/xxx.asp' ; $referer = 'http://HdhCmsTestbaidu测试数据/' ; // Referer $port = 80; $fp = fsockopen ( $server , $port , $errno , $errstr , 30); if (! $fp ) { echo "$errstr ($errno)<br />n" ; } else { $out = "GET $target HTTP/1.1rn" ; $out .= "Host: $hostrn" ; $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEGrn" ; $out .= "Referer: $refererrn" ; $out .= "Connection: Closernrn" ; fwrite( $fp , $out ); while (! feof ( $fp )) { echo fgets ( $fp , 128); } fclose( $fp ); }查看更多关于PHP页面跳转与跨站提交伪造Referer地址来源 - php高的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did30332