{"id":2651,"date":"2016-04-07T01:58:14","date_gmt":"2016-04-06T16:58:14","guid":{"rendered":"http:\/\/taitan916.info\/blog\/?p=2651"},"modified":"2024-02-25T18:43:52","modified_gmt":"2024-02-25T09:43:52","slug":"post-2651","status":"publish","type":"post","link":"https:\/\/taitan916.info\/blog\/archives\/2651","title":{"rendered":"PHP\u3067\u30e1\u30eb\u30de\u30ac\u3092\u914d\u4fe1\u3059\u308b\u65b9\u6cd5(1\u4ef6\u305a\u3064\u9001\u4fe1\u3059\u308b\u30d1\u30bf\u30fc\u30f3)"},"content":{"rendered":"

\u4ee5\u524d\u306bPHP\u3067\u30e1\u30eb\u30de\u30ac\u3092\u914d\u4fe1\u3059\u308b\u65b9\u6cd5<\/a>\u3092\u66f8\u3044\u305f\u3051\u3069\u3001BCC\u3060\u3068\u76f8\u624b\u306e\u540d\u524d\u306a\u3069\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u8a18\u8ff0\u3059\u308b\u308f\u3051\u306b\u306f\u3044\u304b\u305a\u3001\u307e\u305f\u3001BCC\u306e\u4ef6\u6570\u306b\u5236\u9650\u304c\u3042\u308b\u307f\u305f\u304f\u3001\u6570\u5343\u4ef6\u4ee5\u4e0a\u914d\u4fe1\u3059\u308b\u5834\u5408\u306f\u5c0f\u5206\u3051\u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u305d\u3046\u3002\u306a\u306e\u30671\u4ef6\u305a\u3064\u51e6\u7406\u3059\u308b\u65b9\u6cd5\u3092\u8003\u3048\u305f\u3002<\/p>\n

 <\/p>\n

\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9<\/h2>\n

mail.php<\/h3>\n
<?php\r\n\/\/\u30e1\u30fc\u30eb\u672c\u6587\u3001\u4ef6\u540d\u3001\u914d\u4fe1\u5bfe\u8c61\u8005\u306e\u691c\u7d22\u6761\u4ef6\u3092\u30d5\u30a9\u30fc\u30e0\u7b49\u304b\u3089\u53d7\u3051\u53d6\u308b\u3002\r\n$body = $_POST['body'];\r\n$subject = $_POST['subject'];\r\n$search = $_POST['search'];\r\n\r\n\/\/\u30e1\u30fc\u30eb\u30de\u30ac\u30b8\u30f3\u7528\u306e\u30c6\u30fc\u30d6\u30eb\u306bflg(\u4eca\u56de\u306f\u914d\u4fe1\u4e2d\u304c0\u3001\u914d\u4fe1\u7d42\u4e86\u304c1\u3068\u60f3\u5b9a)\u3001\u672c\u6587\u3001\u4ef6\u540d\u3001\u914d\u4fe1\u5bfe\u8c61\u8005\u306e\u691c\u7d22\u6761\u4ef6\u3092\u633f\u5165\r\n$sql = '\r\n    INSERT INTO mail_magazine \r\n        (flg, body, subject, search) \r\n    VALUES \r\n        (0, \"'.$body.'\", \"'.$subject.'\", \"'.$search.'\")\r\n';\r\n$row = $mysqli->query($sql);\r\n\r\nif( !$row ){\r\n    \/\/\u30a8\u30e9\u30fc\u51e6\u7406\r\n}\r\n\r\n\/\/send.php\u306b\u5148\u307b\u3069\u30e1\u30fc\u30eb\u30de\u30ac\u30b8\u30f3\u7528\u30c6\u30fc\u30d6\u30eb\u306b\u5165\u308c\u305fID\u3092\u6e21\u3057\u3066\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u3067\u5b9f\u884c\u3055\u305b\u308b\u3002\r\nexec(\"nohup \/usr\/bin\/php \/var\/www\/html\/send.php \".$mysqli->insert_id.\" > \/dev\/null &\");<\/pre>\n
send.php<\/h3>\n
<?php\r\n\/\/\u9001\u4fe1\u3059\u308b\u30e1\u30fc\u30eb\u30de\u30ac\u30b8\u30f3\u306e\u60c5\u5831\u3092\u547c\u3073\u51fa\u3059\u3002\r\n$sql = '\r\n    SELECT *\r\n    FROM mail_magazine \r\n    WHERE id = '.$argv[1].' \r\n';\r\n$row = $mysqli->query($sql);\r\nif( !$row ){\r\n    \/\/\u30a8\u30e9\u30fc\u51e6\u7406\r\n}\r\nwhile($rs = mysql_fetch_array($row)){\r\n    $body = $rs['body'];\r\n    $sucject = $rs['subject'];\r\n    $search = $rs['search'];\r\n}\r\n\r\n\r\n\/\/\u914d\u4fe1\u5bfe\u8c61\u8005\u306e\u60c5\u5831\u3092\u547c\u3073\u51fa\u3059\u3002\r\n$sql = '\r\n    SELECT *\r\n    FROM user \r\n    WHERE search = \"'.$search.'\" \r\n';\r\n$row = $mysqli->query($sql);\r\nif( !$row ){\r\n    \/\/\u30a8\u30e9\u30fc\u51e6\u7406\r\n}\r\n\r\n\r\n\/\/\u30e1\u30fc\u30eb\u306e\u30d8\u30c3\u30c0\u30fc\u60c5\u5831\u8a2d\u5b9a\r\n$header = 'From: info@hoge.com\\n';\r\n\r\n\r\n\/\/\u9001\u4fe1\u51e6\u7406\r\nwhile( $rs = $row->fetch_array(MYSQLI_ASSOC) ){\r\n    mb_send_mail($rs['mailaddress'], $subject, $body, $header);\r\n    sleep(1); \/\/1\u79d2\u305a\u3064\u9045\u5ef6\u3055\u305b\u308b\r\n}\r\n\r\n\r\n\/\/\u9001\u4fe1\u304c\u5b8c\u4e86\u3059\u308c\u3070\u30e1\u30fc\u30eb\u30de\u30ac\u30b8\u30f3\u7528\u306e\u30c6\u30fc\u30d6\u30eb\u306e\u30d5\u30e9\u30b0\u3092\u66f8\u304d\u63db\u3048\u308b\r\n$sql = '\r\n    UPDATE mail_magazine \r\n    SET flg = 1\r\n    WHERE id = '.$argv[1].' \r\n    LIMIT 1\r\n';\r\n$row = $mysqli->query($sql);\r\nif( !$row ){\r\n    \/\/\u30a8\u30e9\u30fc\u51e6\u7406\r\n}<\/pre>\n
 <\/p>\n
\u4f7f\u3044\u65b9<\/h2>\n
\u30e1\u30fc\u30eb\u672c\u6587\u3084\u30bf\u30a4\u30c8\u30eb\u3092\u5165\u529b\u3059\u308b\u30d5\u30a9\u30fc\u30e0\u3092\u4f5c\u3063\u3066\u3001\u305d\u306e\u53d7\u3051\u53d6\u308a\u5148\u3092mail.php\u306b\u3059\u308b\u3002mail.php\u304b\u3089send.php\u3092\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u51e6\u7406\u3055\u305b\u308b\u3002<\/p>\n
\u5c1a\u3001\u30d5\u30a9\u30fc\u30e0\u306e\u6642\u70b9\u3067\u73fe\u5728\u914d\u4fe1\u4e2d\u306e\u30d5\u30e9\u30b0\u304c\u7acb\u3063\u3066\u3044\u306a\u3044\u304b\u30c1\u30a7\u30c3\u30af\u3057\u3001\u3082\u3057\u3082\u914d\u4fe1\u4e2d\u306e\u30d5\u30e9\u30b0\u304c\u3042\u308c\u3070\u300c\u73fe\u5728\u914d\u4fe1\u4e2d\u306e\u305f\u3081\u304a\u5f85\u3061\u4e0b\u3055\u3044\u300d\u7684\u306a\u8868\u793a\u306b\u3057\u3001\u30d5\u30a9\u30fc\u30e0\u306f\u975e\u8868\u793a\u306b\u3059\u308b\u306e\u304c\u826f\u3055\u305d\u3046\u3002<\/p>\n
 <\/p>\n
\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u51e6\u7406<\/h2>\n
\u666e\u901a\u306bPHP\u3067\u51e6\u7406\u3057\u3088\u3046\u3068\u3059\u308b\u3068\u30d6\u30e9\u30a6\u30b6\u3092\u958b\u304d\u3063\u3071\u306a\u3057\u306b\u3057\u306a\u3044\u3068\u3044\u3051\u306a\u3044\u3051\u3069\u3001\u3053\u308c\u3060\u3068\u9014\u4e2d\u3067\u9589\u3058\u305f\u308a\u3068\u304b\u30da\u30fc\u30b8\u66f4\u65b0\u3055\u308c\u305f\u5834\u5408\u306b\u3069\u3046\u306a\u308b\u306e\u304b\u5206\u304b\u3089\u305a\u6016\u3044\u3002<\/p>\n
\u306a\u306e\u3067\u3001\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u3067\u51e6\u7406\u3067\u304d\u306a\u3044\u304b\u3068\u8abf\u3079\u305f\u3089exec\u95a2\u6570\u3067\u3044\u3051\u308b\u3089\u3057\u3044\u3002mail.php\u306b\u3082\u66f8\u3044\u3066\u3044\u308b\u3051\u3069\u4ee5\u4e0b\u306e\u5f62\u3067\u4f7f\u3046\u3002<\/p>\n
exec(\"\/usr\/bin\/php \u5b9f\u884c\u3055\u305b\u308bPHP\u30d5\u30a1\u30a4\u30eb\u540d\u6307\u5b9a \u5f15\u65701 \u5f15\u65702 > \/dev\/null &\");<\/pre>\n
\u6700\u521d\u306f\u5f15\u6570\u3092send.php?hoge=1&name=aaa\u307f\u305f\u3044\u306b\u66f8\u3044\u305f\u3051\u3069\u3001\u305d\u3046\u3067\u306f\u306a\u304f\u534a\u89d2\u30b9\u30da\u30fc\u30b9\u3067\u533a\u5207\u3063\u3066\u8a18\u8ff0\u3059\u308b\u3002<\/p>\n
\u53d7\u3051\u53d6\u308a\u5074\u306f$argv\u3068\u3044\u3046\u5909\u6570\u3067\u53d7\u3051\u53d6\u308b\u3002$_GET[]\u3067\u306f\u53d7\u3051\u53d6\u308c\u306a\u3044\u306e\u3067\u6ce8\u610f\u3002\u307e\u305f\u3001$argv[0]\u306f\u30b9\u30af\u30ea\u30d7\u30c8\u540d\u306b\u306a\u308b\u306e\u3067$argv[1]\u4ee5\u964d\u3092\u4f7f\u3046\u3002<\/p>\n
 <\/p>\n
\u30ea\u30d5\u30a1\u30ec\u30f3\u30b9<\/h2>\n
$argv<\/h3>\n
http:\/\/php.net\/manual\/ja\/reserved.variables.argv.php<\/a><\/p>\n
exec<\/h3>\n
http:\/\/php.net\/manual\/ja\/function.exec.php<\/a><\/p>\n
 <\/p>\n
\u305d\u306e\u4ed6<\/h2>\n
\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u51e6\u7406\u3063\u3066\u306e\u306f\u521d\u3081\u3066\u3060\u3063\u305f\u306e\u3067\u52c9\u5f37\u306b\u306a\u3063\u305f\u3002\u307e\u3060\u5b9f\u88c5\u306f\u51fa\u6765\u3066\u3044\u306a\u3044\u3051\u3069\u6982\u306d\u4eca\u56de\u306e\u69cb\u60f3\u3067\u3044\u3051\u305d\u3046\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4ee5\u524d\u306bPHP\u3067\u30e1\u30eb\u30de\u30ac\u3092\u914d\u4fe1\u3059\u308b\u65b9\u6cd5\u3092\u66f8\u3044\u305f\u3051\u3069\u3001BCC\u3060\u3068\u76f8\u624b\u306e\u540d\u524d\u306a\u3069\u30e6\u30fc\u30b6 ... <\/p>\n","protected":false},"author":1,"featured_media":1085,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-2651","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-php"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/posts\/2651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/comments?post=2651"}],"version-history":[{"count":2,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/posts\/2651\/revisions"}],"predecessor-version":[{"id":5054,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/posts\/2651\/revisions\/5054"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/media\/1085"}],"wp:attachment":[{"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/media?parent=2651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/categories?post=2651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/taitan916.info\/blog\/wp-json\/wp\/v2\/tags?post=2651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}