-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
450 changed files
with
30,798 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| ## 启动环境 | ||
|
|
||
| ``` | ||
| docker-compose build | ||
| docker-compose up -d | ||
| ``` | ||
|
|
||
| phpshe v1.1系统重装漏洞 | ||
|
|
||
| ## 0x01 getshell | ||
| 直接访问http://127.0.0.1/install | ||
|
|
||
| 在安装时,在数据表前缀写入:');phpinfo(); | ||
|  | ||
|
|
||
|
|
||
| 看一下config.php | ||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
|
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| version: '2' | ||
| services: | ||
| php5-app: | ||
| build: ./php-fpm | ||
| image: s1r1u5/phpshe:1.1 | ||
| restart: always | ||
| links: | ||
| - mysql_phpshe:db | ||
| ports: | ||
| - 80:80 | ||
|
|
||
| depends_on: | ||
| - mysql_phpshe | ||
|
|
||
| mysql_phpshe: | ||
| build: ./mysql | ||
| image: s1r1u5/mysql_phpshe:1.1 | ||
| environment: | ||
| MYSQL_ROOT_PASSWORD: "shadow" | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| FROM mysql:5.7 | ||
|
|
||
| MAINTAINER s1riu5 <[email protected]> | ||
|
|
||
| ENV AUTO_RUN_DIR /docker-entrypoint-initdb.d | ||
|
|
||
| ENV INSTALL_DB_SQL schema.sql | ||
|
|
||
| COPY ./$INSTALL_DB_SQL $AUTO_RUN_DIR/ | ||
|
|
||
| RUN chmod a+x $AUTO_RUN_DIR/$INSTALL_DB_SQL |
Large diffs are not rendered by default.
Oops, something went wrong.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| FROM php:5.6-apache | ||
|
|
||
| MAINTAINER s1riu5<[email protected]> | ||
|
|
||
|
|
||
|
|
||
| COPY src/ /var/www/html | ||
|
|
||
|
|
||
| RUN set -x \ | ||
| && chmod -R 777 /var/www/html \ | ||
| && a2enmod rewrite \ | ||
| && docker-php-ext-install mysql mysqli |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| <IfModule mod_rewrite.c> | ||
| RewriteEngine on | ||
| RewriteCond %{REQUEST_FILENAME} !-f | ||
| RewriteCond %{REQUEST_FILENAME} !-d | ||
| RewriteCond $1 !^(.*\.php|data|hook|include|template|module) | ||
| RewriteRule ^(.*)$ index.php/$1 [L] | ||
| </IfModule> |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| <?php | ||
| /** | ||
| * @copyright 2008-2012 简好技术 <http://www.phpshe.com> | ||
| * @creatdate 2012-0501 koyshe <[email protected]> | ||
| */ | ||
| include('common.php'); | ||
| $adminmenu[] = array( | ||
| 'headnav' => '商品管理', | ||
| 'subnav' => array( | ||
| array('name' => '商品分类', 'menumark' => 'category', 'url' => 'admin.php?mod=category'), | ||
| array('name' => '商品列表', 'menumark' => 'product', 'url' => 'admin.php?mod=product&state=1'), | ||
| array('name' => '商品咨询', 'menumark' => 'ask', 'url' => 'admin.php?mod=ask'), | ||
| array('name' => '商品评价', 'menumark' => 'comment', 'url' => 'admin.php?mod=comment'), | ||
| array('name' => '订单列表', 'menumark' => 'order', 'url' => 'admin.php?mod=order') | ||
| ) | ||
| ); | ||
| $adminmenu[] = array( | ||
| 'headnav' => '信息管理', | ||
| 'subnav' => array( | ||
| array('name' => '文章分类', 'menumark' => 'class', 'url' => 'admin.php?mod=class'), | ||
| array('name' => '文章列表', 'menumark' => 'article', 'url' => 'admin.php?mod=article'), | ||
| array('name' => '单页列表', 'menumark' => 'page', 'url' => 'admin.php?mod=page') | ||
| ) | ||
| ); | ||
| $adminmenu[] = array( | ||
| 'headnav' => '用户管理', | ||
| 'subnav' => array( | ||
| array('name' => '会员列表', 'menumark' => 'user', 'url' => 'admin.php?mod=user'), | ||
| array('name' => '管理列表', 'menumark' => 'admin', 'url' => 'admin.php?mod=admin') | ||
| ) | ||
| ); | ||
| $adminmenu[] = array( | ||
| 'headnav' => '控制面板', | ||
| 'subnav' => array( | ||
| array('name' => '基本信息', 'menumark' => 'setting_base', 'url' => 'admin.php?mod=setting&act=base'), | ||
| array('name' => '支付方式', 'menumark' => 'payway', 'url' => 'admin.php?mod=payway'), | ||
| array('name' => '缓存管理', 'menumark' => 'cache', 'url' => 'admin.php?mod=cache'), | ||
| array('name' => '数据安全', 'menumark' => 'db', 'url' => 'admin.php?mod=db'), | ||
| array('name' => '友情链接', 'menumark' => 'link', 'url' => 'admin.php?mod=link'), | ||
| array('name' => '广告列表', 'menumark' => 'ad', 'url' => 'admin.php?mod=ad') | ||
| ) | ||
| ); | ||
|
|
||
| if (!pe_login('admin') && $act != 'login') { | ||
| pe_goto('admin.php?mod=do&act=login'); | ||
| } | ||
| if (pe_login('admin') && ($act == 'login' or $mod == 'index')) { | ||
| pe_goto('admin.php?mod=order&act=list'); | ||
| } | ||
| include("{$pe['path_root']}module/{$module}/{$mod}.php"); | ||
| pe_result(); | ||
| ?> |
Oops, something went wrong.