- file_get_contents: documentation ( source)
- unserialize: documentation ( source)
<?php
class T
{
private $allowed = 0;
function __destruct() { if ($this->allowed == 1) echo file_get_contents("key.php"); }
}
if ($_SERVER['REQUEST_METHOD']!="GOD") die ("Only GOD method allowed");
$headers = apache_request_headers();
$is_ajax = (isset($headers['X-Requested-With']) && $headers['X-Requested-With'] == 'XMLHttpRequest');
if(!$is_ajax) die ("This is not ajax request");
if (!isset($_COOKIE['authorize'])) die ("Cookie authorize not set.");
if (!isset($_GET['data'])) die ("Parameter data not set");
$data = $_GET['data'];
echo file_get_contents("index.php");
unserialize($data);
?>