php °²È«Ä£Ê½µÄ²»×ã
PHPµÄsafe_modeÑ¡ÏîµÄÄ¿µÄÊÇΪÁ˽â¾ö±¾ÕÂËùÊöµÄijЩÎÊÌâ¡£
µ«ÊÇ£¬ÔÚPHP²ãÃæÉÏÈ¥½â¾öÕâÀàÎÊÌâ´Ó¼Ü¹¹ÉÏÀ´¿´ÊDz»ÕýÈ·µÄ£¬ÕýÈçPHPÊÖ²áËùÊö(http://php.net/features.safe-mode)¡£
µ±°²È«Ä£Ê½ÉúЧʱ£¬PHP»á¶ÔÕýÔÚÖ´ÐеĽű¾Ëù¶ÁÈ¡£¨»òËù²Ù×÷£©ÎļþµÄÊôÖ÷½øÐмì²é£¬ÒÔ±£Ö¤Óë¸Ã½Å±¾µÄÊôÖ÷ÊÇÏàͬµÄ¡£
ËäÈ»ÕâÑùȷʵ¿ÉÒÔ·À·¶±¾ÕÂÖеĺܶàÀý×Ó£¬µ«Ëü²»»áÓ°ÏìÆäËüÓïÑÔ±àдµÄ³ÌÐò¡£
ÀýÈ磬ʹÓÃBashдµÄCGI½Å±¾£º
#!/bin/bash
echo "Content-Type:text/plain"
echo ""
cat /home/victim/inc/db.inc
Bash½âÎöÆ÷»áÈ¥¹ØÐÄÉõÖÁ¼ì²éPHPÅäÖÃÎļþÖеĴò¿ª°²È«Ä£Ê½µÄÅäÖÃ×Ö·û´®Âð£¿
µ±È»²»»á¡£Í¬ÑùµÄ£¬¸Ã·þÎñÆ÷Ö§³ÖµÄÆäËüÓïÑÔ£¬ÈçPerl£¬PythonµÈ¶¼²»»áÈ¥¹ØÐÄÕâ¸ö¡£
±¾ÕÂÖеÄËùÓÐÀý×Ó¿ÉÒԺܼòµ¥µØ±»¸Ä±à³ÉÆäËü±à³ÌÓïÑÔ¡£
ÁíÒ»¸öµäÐ͵ÄÎÊÌâÊÇ°²È«Ä£Ê½²»»á¾Ü¾øÊôÓÚWEB·þÎñÆ÷ÎļþµÄ·ÃÎÊ¡£
ÕâÊÇÓÉÓÚÒ»¶Î½Å±¾¿ÉÒÔÓÃÓÚ½¨Á¢ÁíÒ»¶Î½Å±¾£¬¶øнű¾ÊÇÊôÓÚWEB·þÎñÆ÷µÄ£¬Òò´ËËü¿ÉÒÔ·ÃÎÊËùÓÐÊôÓÚWEB·þÎñÆ÷µÄÎļþ£º
<?php
$filename='file.php';
$script='<?php
header(\'Content-Type:text/plain\');
readfile($_GET[\'file\']);
?>';
file_put_contents($filename,$script);
?>
ÉÏÃæµÄ½Å±¾½¨Á¢ÁËÏÂÃæµÄÎļþ£º
<?php
header('Content-Type:text/plain');
readfile($_GET['file']);
?>
ÓÉÓÚ¸ÃÎļþÊÇÓÉWeb·þÎñÆ÷Ëù½¨Á¢µÄ£¬Òò´ËËüµÄÊôÖ÷ÊÇWeb·þÎñÆ÷£¨ApacheÒ»°ãÒÔnobodyÓû§ÔËÐУ©£º
$ls file.php
-rw-r--r-- 1 nobody nobody 72 May 21 12:34 file.php
Òò´Ë£¬Õâ¸ö½Å±¾¿ÉÒÔÈƹýºÜ¶à°²È«Ä£Ê½ËùÌṩµÄ°²È«´ëÊ©¡£
¼´Ê¹´ò¿ªÁË°²È«Ä£Ê½£¬¹¥»÷ÕßÒ²ÄÜÏÔʾһЩÐÅÏ¢Èç±£´æÔÚ/tmpĿ¼ÄڵĻỰÐÅÏ¢£¬
ÕâÊÇÓÉÓÚÕâЩÎļþÊÇÊôÓÚWeb·þÎñÆ÷µÄ£¨nobody£©¡£
PHPµÄ°²È«Ä£Ê½È·ÊµÆðµ½ÁËһЩ×÷Ó㬿ÉÒÔÈÏΪËüÊÇÒ»ÖÖÉî¶È·À·¶»úÖÆ¡£
¿ÉÊÇ£¬ËüÖ»ÌṩÁË¿ÉÁ¯µÄ±£»¤£¬Í¬Ê±ÔÚ±¾ÕÂÖÐҲûÓÐÆäËü°²È«´ëÊ©À´Ìæ´úËü¡£
Ïà¹ØÎĵµ£º
__LINE__ ÎļþÖеĵ±Ç°Ðкš£
__FILE__ ÎļþµÄÍêÕû·¾¶ºÍÎļþÃû¡£Èç¹ûÓÃÔÚ±»°üº¬ÎļþÖУ¬Ôò·µ»Ø±»°üº¬µÄÎļþÃû¡£×Ô PHP 4.0.2 Æð£¬__FILE__
×ÜÊÇ°üº¬Ò»¸ö¾ø¶Ô·¾¶£¨Èç¹ûÊÇ·ûºÅÁ¬½Ó£¬ÔòÊǽâÎöºóµÄ¾ø¶Ô·¾¶£©£¬¶øÔÚ´Ë֮ǰµÄ°æ±¾ÓÐʱ»á°üº¬Ò»¸öÏà¶Ô·¾¶¡£
__DIR__ ÎļþËùÔÚµÄĿ¼¡£Èç¹ûÓÃÔÚ±»°üÀ¨ÎļþÖУ¬Ôò· ......
Memcacheº¯Êý¿âÊÇÔÚPECL(PHP Extension Community Library)ÖУ¬Ö÷Òª×÷ÓÃÊǴ´óÈÝÁ¿µÄÄÚ´æÊý¾ÝµÄÁÙʱ´æ·ÅÇøÓò£¬ÔÚ·Ö²¼Ê½µÄʱºò×÷ÓÃÌåÏֵķdz£Ã÷ÏÔ£¬·ñÔò²»½¨ÒéʹÓá£
memcacheº¯ÊýËùÓеķ½·¨ÁбíÈçÏ£º
²Î¿¼http://www.php.net/manual/zh/function.Memcache-add.php
Memcache::add – Ìí¼ÓÒ»¸öÖµ£¬Èç¹ûÒѾ´æÔÚ£¬Ô ......
¶ÔÓÚ³õѧÕßÀ´Ëµ£¬ÎÒÃÇÓÐʱºò»á¿´¼ûPHPÖÐÓÐÕâÑùµÄд·¨£º
@ unlink($filepath);
Ò²¿ÉÒÔд³É£º
unlink($filepath);
²»Ã÷°×ÕâÁ½ÖÖд·¨ÓÐʲôÇø±ð£¬±íÃæÉÏ£¬³ÌÐòÔËÐÐÆðÀ´ËƺõûʲôÇø±ð¡£
ʵ¼ÊÉÏ£¬¼ÓÉÏ@·ûºÅ£¬ÓÐÒÖÖÆ´íÎóÏÔʾµÄ¹¦ÄÜ¡£
¾ÍÄÃÉÏÃæµÄ´úÂëÀ´Ëµ£¬È¥µô@ʱ£¬
Èç¹û±»É¾³ýµÄÎļþ²»´æÔڵĻ°£¬Ôò»áÏÔʾÎļþ²»´æÔڵĴíÎ ......
VC6ÊÇʲô£¿
VC6¾ÍÊÇlegacy Visual
Studio 6 compiler£¬¾ÍÊÇʹÓÃÕâ¸ö±àÒëÆ÷±àÒëµÄ
VC9ÊÇʲô£¿
VC9¾ÍÊÇthe Visual Studio
2008 compiler£¬¾ÍÊÇÓÃ΢ÈíµÄVS±à¼Æ÷±àÒëµÄ
ÄÇÎÒÃÇÈçºÎÑ¡ÔñÏÂÔØÄĸö°æ±¾µÄPHPÄØ£¿
Èç¹ûÄãÊÇÔÚwindowsÏÂ
ʹÓÃApache+PHPµÄ£¬ÇëÑ¡ÔñVC6°æ±¾£»
Èç¹ûÄãÊÇÔÚwindowsÏÂʹÓÃIIS+PHPµÄ£¬ÇëÑ¡ÔñVC9 ......
in_array(value,array,type) //¼ì²éÒ»¸öÖµÊÇ·ñÔÚÊý×éÖÐ,type¿ÉÑ¡,ÉèÖÃΪtrue¼ì²éÀàÐÍÊÇ·ñÏàͬ,·Ö´óСд
Àý:
$os = array("Mac", "NT", "Irix", "Linux");
if (in_array("Irix", $os)) {
echo "Got Irix";
......