WooYun.org

<?php
error_reporting(0);
ini_set('max_execution_time', 0);
header("Content-Type: text/html; charset=UTF-8");
$a= urlencode(stripslashes($_GET['s']));
$a  = str_replace('+',"%20",$a);
$data = "objid=".$a;
do{
$output= request_by_other($data);
}
while($output=="" || strstr($output,"Implemented"));
echo $output;
function request_by_other($post_string)
{
    $context = array(
        'http' => array(
            'method' => 'POST',
            'header' => 'User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0' .
                        "\r\n".'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' .
                        "\r\n".'X-Requested-With: XMLHttpRequest'."\r\n".'Content-length:' . strlen($post_string),
            'content' => $post_string)
        );
    $stream_context = stream_context_create($context);
    $data = file_get_contents("http://ac.qq.com/CartoonComment/getCommentList", false, $stream_context);
    $data = $http_response_header[0].$data;
    return $data;
} 
?>