ThinkPHP 3.2 information disclosure
2022-07-07 07:00:00 【qq_42307546】
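Log information disclosure
When debug is enabled, ThinkPHP generates logs in the Runtime directory. If debug mode is not turned off, the log path can be entered directly, resulting in directory traversal.
ThinkPHP 3.2 structure: \Application\Runtime\Logs\Home\22_07_05.log
ThinkPHP 3.1: \Runtime\Logs\Home\22_07_05.log
Debug mode enabled in index.php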
<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK ]
// +----------------------------------------------------------------------
// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <[email protected]>
// +----------------------------------------------------------------------
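// Application entry file
// Check the PHP environment
if(version_compare(PHP_VERSION,'5.3.0','<')) die('require PHP > 5.3.0 !');
// Enable debug mode: recommended during development; comment it out or set it to false for deployment
define('APP_DEBUG',True);
// Define the site URL
define('SITE_URL','http://www.tp.com:8080/index.php');
// Define the application directory
define('APP_PATH','./Application/');
// Load the ThinkPHP entry file
require './ThinkPHP/ThinkPHP.php';
// That's it ^_^ no further code is needed; it's that simple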
Cache disclosure
F method
S method
<?php
namespace Home\Controller;
use Think\Controller;
class TestController extends Controller {
    public function index(){
        // Fast cache: this call generates data.php under the /Data/ directory, and the file content is phpinfo()
        F("data","<?php phpinfo() ?>");
        // This call generates a file in the Temp directory whose file name is an MD5 hash
        S("data","123456");
    }
    public function login(){
        $this->display();
    }
}
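To check whether the log and cache files described above are actually being served, the following added example (not code from the original post or from ThinkPHP) scans web server access log lines for requests to the Runtime Logs, Data and Temp locations and marks the ones that returned a 2xx status. It assumes combined log format; the sample lines, addresses and file names are constructed.

```python
import re
from urllib.parse import unquote

# Locations named on the page: Runtime/Logs/<Module>/YY_MM_DD.log (3.1 and 3.2
# layouts) and the Runtime Data/ and Temp/ directories written by F() and S().
RUNTIME_RE = re.compile(
    r"/Runtime/(?:(?P<log>Logs/(?:[^/\s]+/)?\d{2}_\d{2}_\d{2}\.log)"
    r"|(?P<cache>(?:Data|Temp)/[^/\s]+))$",
    re.IGNORECASE,
)
# Combined/common log format (assumed): client address, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def classify(target):
    """Return 'log', 'cache' or None for a request target."""
    # Drop the query string, decode percent-escapes, normalise backslashes.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    m = RUNTIME_RE.search(path)
    if m is None:
        return None
    return "log" if m.group("log") else "cache"

def scan(lines):
    """Report requests for Runtime files; 'exposed' means the server answered 2xx."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        kind = classify(m.group("target")) if m else None
        if kind:
            status = int(m.group("status"))
            findings.append({"ip": m.group("ip"), "target": m.group("target"),
                             "kind": kind, "exposed": 200 <= status < 300})
    return findings

# Constructed sample lines (documentation addresses, made-up file names).
SAMPLE = [
    '192.0.2.10 - - [07/Jul/2022:07:00:01 +0800] "GET /index.php/Home/Test/login HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Jul/2022:07:00:02 +0800] "GET /Application/Runtime/Logs/Home/22_07_05.log HTTP/1.1" 200 48213',
    '198.51.100.7 - - [07/Jul/2022:07:00:03 +0800] "GET /Runtime/Logs/Home/22_07_06.log HTTP/1.1" 404 162',
    '198.51.100.7 - - [07/Jul/2022:07:00:04 +0800] "GET /Application/Runtime/Data/data.php HTTP/1.1" 200 90211',
    '203.0.113.5 - - [07/Jul/2022:07:00:05 +0800] "GET /Application/Runtime/Temp/0123456789abcdef0123456789abcdef.php?x=1 HTTP/1.1" 403 162',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with `exposed` set to `True` means the Runtime directory is reachable over HTTP; keep it outside the document root or deny access to it at the web server, and set `APP_DEBUG` to false for deployment.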
Enabling debug trace
\Application\Home\Conf\config.php