Как передать HTTP_SESSION

Discussion in 'Песочница' started by GTAlex, 30 Nov 2016.

  1. GTAlex

    GTAlex New Member

    Joined:
    7 Sep 2009
    Messages:
    48
    Likes Received:
    0
    Reputations:
    0
    Собственно, обнаружил мини шелл который использует
    $_SERVER['HTTP_SESSION'] для своих тёмных делишек :)

    Собственно, вопрос - как POST запросом передать этот параметр ?

    Весь curl пересмотрел - не вижу :(
     
    #1 GTAlex, 30 Nov 2016
  2. GTAlex

    GTAlex New Member

    Joined:
    7 Sep 2009
    Messages:
    48
    Likes Received:
    0
    Reputations:
    0
    через CURLOPT_HTTPHEADER заголовок SESSION: ....
     
    #2 GTAlex, 30 Nov 2016
  3. Zen1T21

    Zen1T21 Member

    Joined:
    13 Jan 2013
    Messages:
    157
    Likes Received:
    37
    Reputations:
    2
    Че ты гонишь
     
    #3 Zen1T21, 30 Nov 2016
  4. GTAlex

    GTAlex New Member

    Joined:
    7 Sep 2009
    Messages:
    48
    Likes Received:
    0
    Reputations:
    0
    отнюдь
     
    #4 GTAlex, 30 Nov 2016
  5. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    830
    Likes Received:
    814
    Reputations:
    90
    zq.php -> print_r($_SERVER)
    Code:
    ~$ curl -s 'http://****.ru/zq.php' -H 'SESSION: 123' | grep -i sess
    [HTTP_SESSION] => 123
~$ curl -s 'http://****.ru/zq.php' -H 'BreakingNews: 123' | grep -i new
    [HTTP_BREAKINGNEWS] => 123
     
    _________________________
    #5 t0ma5, 30 Nov 2016
(You must log in or sign up to post here.)