├── Pass-01
├── helper.php
├── index.php
└── show_code.php
├── Pass-02
├── helper.php
├── index.php
└── show_code.php
├── Pass-03
├── helper.php
├── index.php
└── show_code.php
├── Pass-04
├── helper.php
├── index.php
└── show_code.php
├── Pass-05
├── helper.php
├── index.php
└── show_code.php
├── Pass-06
├── helper.php
├── index.php
└── show_code.php
├── Pass-07
├── helper.php
├── index.php
└── show_code.php
├── Pass-08
├── helper.php
├── index.php
└── show_code.php
├── Pass-09
├── helper.php
├── index.php
└── show_code.php
├── Pass-10
├── helper.php
├── index.php
└── show_code.php
├── Pass-11
├── helper.php
├── index.php
└── show_code.php
├── Pass-12
├── helper.php
├── index.php
└── show_code.php
├── Pass-13
├── helper.php
├── index.php
└── show_code.php
├── Pass-14
├── helper.php
├── index.php
└── show_code.php
├── Pass-15
├── helper.php
├── index.php
└── show_code.php
├── Pass-16
├── helper.php
├── index.php
└── show_code.php
├── Pass-17
├── helper.php
├── index.php
└── show_code.php
├── Pass-18
├── helper.php
├── index.php
└── show_code.php
├── Pass-19
├── helper.php
├── index.php
├── myupload.php
└── show_code.php
├── Pass-20
├── helper.php
├── index.php
└── show_code.php
├── Pass-21
├── helper.php
├── index.php
└── show_code.php
├── README.md
├── common.php
├── config.php
├── css
├── index.css
└── prism.css
├── doc
├── code.jpg
├── index.jpg
├── mind-map.png
├── pass.jpg
└── sum_up.png
├── docker
├── Dockerfile
├── docker-php.conf
└── php.ini
├── footer.php
├── head.php
├── img
├── close.png
├── favicon.png
├── loading.gif
└── logo.png
├── include.php
├── index.php
├── js
├── index.js
├── jquery.min.js
├── prism-line-numbers.min.js
├── prism-php.min.js
└── prism.js
├── menu.php
├── rmdir.php
└── upload
└── readme.php
/Pass-01/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-01/index.php:
--------------------------------------------------------------------------------
1 |
22 |
23 |
24 |
25 | -
26 |
任务
27 | 上传一个webshell到服务器。
28 |
29 | -
30 |
上传区
31 |
36 |
37 |
42 |
43 |
44 | ';
47 | }
48 | ?>
49 |
50 |
51 |
56 |
57 |
代码
3 |
4 | function checkFile() {
5 | var file = document.getElementsByName('upload_file')[0].value;
6 | if (file == null || file == "") {
7 | alert("请选择要上传的文件!");
8 | return false;
9 | }
10 | //定义允许上传的文件类型
11 | var allow_ext = ".jpg|.png|.gif";
12 | //提取上传文件的类型
13 | var ext_name = file.substring(file.lastIndexOf("."));
14 | //判断上传文件类型是否允许上传
15 | if (allow_ext.indexOf(ext_name + "|") == -1) {
16 | var errMsg = "该文件不允许上传,请上传" + allow_ext + "类型的文件,当前文件类型为:" + ext_name;
17 | alert(errMsg);
18 | return false;
19 | }
20 | }
21 |
22 |
23 |
--------------------------------------------------------------------------------
/Pass-02/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-02/index.php:
--------------------------------------------------------------------------------
1 |
26 |
27 |
28 |
29 | -
30 |
任务
31 | 上传一个webshell到服务器。
32 |
33 | -
34 |
上传区
35 |
40 |
41 |
46 |
47 |
48 | ';
51 | }
52 | ?>
53 |
54 |
55 |
60 |
61 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
9 | $temp_file = $_FILES['upload_file']['tmp_name'];
10 | $img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name']
11 | if (move_uploaded_file($temp_file, $img_path)) {
12 | $is_upload = true;
13 | } else {
14 | $msg = '上传出错!';
15 | }
16 | } else {
17 | $msg = '文件类型不正确,请重新上传!';
18 | }
19 | } else {
20 | $msg = UPLOAD_PATH.'文件夹不存在,请手工创建!';
21 | }
22 | }
23 |
24 |
25 |
--------------------------------------------------------------------------------
/Pass-03/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-03/index.php:
--------------------------------------------------------------------------------
1 |
35 |
36 |
37 |
38 | -
39 |
任务
40 | 上传一个webshell到服务器。
41 |
42 | -
43 |
上传区
44 |
49 |
50 |
55 |
56 |
57 | ';
60 | }
61 | ?>
62 |
63 |
64 |
69 |
70 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array('.asp','.aspx','.php','.jsp');
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = strtolower($file_ext); //转换为小写
13 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
14 | $file_ext = trim($file_ext); //收尾去空
15 |
16 | if(!in_array($file_ext, $deny_ext)) {
17 | $temp_file = $_FILES['upload_file']['tmp_name'];
18 | $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
19 | if (move_uploaded_file($temp_file,$img_path)) {
20 | $is_upload = true;
21 | } else {
22 | $msg = '上传出错!';
23 | }
24 | } else {
25 | $msg = '不允许上传.asp,.aspx,.php,.jsp后缀文件!';
26 | }
27 | } else {
28 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
29 | }
30 | }
31 |
32 |
33 |
--------------------------------------------------------------------------------
/Pass-04/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-04/index.php:
--------------------------------------------------------------------------------
1 |
35 |
36 |
37 |
38 |
39 | -
40 |
任务
41 | 上传一个webshell到服务器。
42 |
43 | -
44 |
上传区
45 |
50 |
51 |
56 |
57 |
58 | ';
61 | }
62 | ?>
63 |
64 |
65 |
70 |
71 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".ini");
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = strtolower($file_ext); //转换为小写
13 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
14 | $file_ext = trim($file_ext); //收尾去空
15 |
16 | if (!in_array($file_ext, $deny_ext)) {
17 | $temp_file = $_FILES['upload_file']['tmp_name'];
18 | $img_path = UPLOAD_PATH.'/'.$file_name;
19 | if (move_uploaded_file($temp_file, $img_path)) {
20 | $is_upload = true;
21 | } else {
22 | $msg = '上传出错!';
23 | }
24 | } else {
25 | $msg = '此文件不允许上传!';
26 | }
27 | } else {
28 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
29 | }
30 | }
31 |
32 |
33 |
--------------------------------------------------------------------------------
/Pass-05/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-05/index.php:
--------------------------------------------------------------------------------
1 |
35 |
36 |
37 |
38 | -
39 |
任务
40 | 上传一个webshell到服务器。
41 |
42 | -
43 |
上传区
44 |
49 |
50 |
55 |
56 |
57 | ';
60 | }
61 | ?>
62 |
63 |
64 |
69 |
70 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = strtolower($file_ext); //转换为小写
13 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
14 | $file_ext = trim($file_ext); //首尾去空
15 |
16 | if (!in_array($file_ext, $deny_ext)) {
17 | $temp_file = $_FILES['upload_file']['tmp_name'];
18 | $img_path = UPLOAD_PATH.'/'.$file_name;
19 | if (move_uploaded_file($temp_file, $img_path)) {
20 | $is_upload = true;
21 | } else {
22 | $msg = '上传出错!';
23 | }
24 | } else {
25 | $msg = '此文件类型不允许上传!';
26 | }
27 | } else {
28 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
29 | }
30 | }
31 |
32 |
33 |
--------------------------------------------------------------------------------
/Pass-06/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-06/index.php:
--------------------------------------------------------------------------------
1 |
34 |
35 |
36 |
37 | -
38 |
任务
39 | 上传一个webshell到服务器。
40 |
41 | -
42 |
上传区
43 |
48 |
49 |
54 |
55 |
56 | ';
59 | }
60 | ?>
61 |
62 |
63 |
68 |
69 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
13 | $file_ext = trim($file_ext); //首尾去空
14 |
15 | if (!in_array($file_ext, $deny_ext)) {
16 | $temp_file = $_FILES['upload_file']['tmp_name'];
17 | $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
18 | if (move_uploaded_file($temp_file, $img_path)) {
19 | $is_upload = true;
20 | } else {
21 | $msg = '上传出错!';
22 | }
23 | } else {
24 | $msg = '此文件类型不允许上传!';
25 | }
26 | } else {
27 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
28 | }
29 | }
30 |
31 |
32 |
--------------------------------------------------------------------------------
/Pass-07/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-07/index.php:
--------------------------------------------------------------------------------
1 |
34 |
35 |
36 |
37 | -
38 |
任务
39 | 上传一个webshell到服务器。
40 |
41 | -
42 |
上传区
43 |
48 |
49 |
54 |
55 |
56 | ';
59 | }
60 | ?>
61 |
62 |
63 |
68 |
69 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
9 | $file_name = $_FILES['upload_file']['name'];
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = strtolower($file_ext); //转换为小写
13 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
14 |
15 | if (!in_array($file_ext, $deny_ext)) {
16 | $temp_file = $_FILES['upload_file']['tmp_name'];
17 | $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
18 | if (move_uploaded_file($temp_file,$img_path)) {
19 | $is_upload = true;
20 | } else {
21 | $msg = '上传出错!';
22 | }
23 | } else {
24 | $msg = '此文件不允许上传';
25 | }
26 | } else {
27 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
28 | }
29 | }
30 |
31 |
32 |
--------------------------------------------------------------------------------
/Pass-08/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-08/index.php:
--------------------------------------------------------------------------------
1 |
33 |
34 |
35 |
36 | -
37 |
任务
38 | 上传一个webshell到服务器。
39 |
40 | -
41 |
上传区
42 |
47 |
48 |
53 |
54 |
55 | ';
58 | }
59 | ?>
60 |
61 |
62 |
67 |
68 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_ext = strrchr($file_name, '.');
11 | $file_ext = strtolower($file_ext); //转换为小写
12 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
13 | $file_ext = trim($file_ext); //首尾去空
14 |
15 | if (!in_array($file_ext, $deny_ext)) {
16 | $temp_file = $_FILES['upload_file']['tmp_name'];
17 | $img_path = UPLOAD_PATH.'/'.$file_name;
18 | if (move_uploaded_file($temp_file, $img_path)) {
19 | $is_upload = true;
20 | } else {
21 | $msg = '上传出错!';
22 | }
23 | } else {
24 | $msg = '此文件类型不允许上传!';
25 | }
26 | } else {
27 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
28 | }
29 | }
30 |
31 |
32 |
--------------------------------------------------------------------------------
/Pass-09/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-09/index.php:
--------------------------------------------------------------------------------
1 |
34 |
35 |
36 |
37 | -
38 |
任务
39 | 上传一个webshell到服务器。
40 |
41 | -
42 |
上传区
43 |
48 |
49 |
54 |
55 |
56 | ';
59 | }
60 | ?>
61 |
62 |
63 |
68 |
69 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = strtolower($file_ext); //转换为小写
13 | $file_ext = trim($file_ext); //首尾去空
14 |
15 | if (!in_array($file_ext, $deny_ext)) {
16 | $temp_file = $_FILES['upload_file']['tmp_name'];
17 | $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
18 | if (move_uploaded_file($temp_file, $img_path)) {
19 | $is_upload = true;
20 | } else {
21 | $msg = '上传出错!';
22 | }
23 | } else {
24 | $msg = '此文件类型不允许上传!';
25 | }
26 | } else {
27 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
28 | }
29 | }
30 |
31 |
32 |
--------------------------------------------------------------------------------
/Pass-10/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-10/index.php:
--------------------------------------------------------------------------------
1 |
35 |
36 |
37 |
38 | -
39 |
任务
40 | 上传一个webshell到服务器。
41 |
42 | -
43 |
上传区
44 |
49 |
50 |
55 |
56 |
57 | ';
60 | }
61 | ?>
62 |
63 |
64 |
69 |
70 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
9 | $file_name = trim($_FILES['upload_file']['name']);
10 | $file_name = deldot($file_name);//删除文件名末尾的点
11 | $file_ext = strrchr($file_name, '.');
12 | $file_ext = strtolower($file_ext); //转换为小写
13 | $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
14 | $file_ext = trim($file_ext); //首尾去空
15 |
16 | if (!in_array($file_ext, $deny_ext)) {
17 | $temp_file = $_FILES['upload_file']['tmp_name'];
18 | $img_path = UPLOAD_PATH.'/'.$file_name;
19 | if (move_uploaded_file($temp_file, $img_path)) {
20 | $is_upload = true;
21 | } else {
22 | $msg = '上传出错!';
23 | }
24 | } else {
25 | $msg = '此文件类型不允许上传!';
26 | }
27 | } else {
28 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
29 | }
30 | }
31 |
32 |
33 |
--------------------------------------------------------------------------------
/Pass-11/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-11/index.php:
--------------------------------------------------------------------------------
1 |
26 |
27 |
28 |
29 | -
30 |
任务
31 | 上传一个webshell到服务器。
32 |
33 | -
34 |
上传区
35 |
40 |
41 |
46 |
47 |
48 | ';
51 | }
52 | ?>
53 |
54 |
55 |
60 |
61 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess","ini");
9 |
10 | $file_name = trim($_FILES['upload_file']['name']);
11 | $file_name = str_ireplace($deny_ext,"", $file_name);
12 | $temp_file = $_FILES['upload_file']['tmp_name'];
13 | $img_path = UPLOAD_PATH.'/'.$file_name;
14 | if (move_uploaded_file($temp_file, $img_path)) {
15 | $is_upload = true;
16 | } else {
17 | $msg = '上传出错!';
18 | }
19 | } else {
20 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
21 | }
22 | }
23 |
24 |
25 |
--------------------------------------------------------------------------------
/Pass-12/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-12/index.php:
--------------------------------------------------------------------------------
1 |
25 |
26 |
27 |
28 | -
29 |
任务
30 | 上传一个webshell到服务器。
31 |
32 | -
33 |
上传区
34 |
39 |
40 |
45 |
46 |
47 | ';
50 | }
51 | ?>
52 |
53 |
54 |
59 |
60 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if(isset($_POST['submit'])){
7 | $ext_arr = array('jpg','png','gif');
8 | $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
9 | if(in_array($file_ext,$ext_arr)){
10 | $temp_file = $_FILES['upload_file']['tmp_name'];
11 | $img_path = $_GET['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
12 |
13 | if(move_uploaded_file($temp_file,$img_path)){
14 | $is_upload = true;
15 | } else {
16 | $msg = '上传出错!';
17 | }
18 | } else{
19 | $msg = "只允许上传.jpg|.png|.gif类型文件!";
20 | }
21 | }
22 |
23 |
24 |
--------------------------------------------------------------------------------
/Pass-13/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-13/index.php:
--------------------------------------------------------------------------------
1 |
25 |
26 |
27 |
28 | -
29 |
任务
30 | 上传一个webshell到服务器。
31 |
32 | -
33 |
上传区
34 |
40 |
41 |
46 |
47 |
48 | ';
51 | }
52 | ?>
53 |
54 |
55 |
60 |
61 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if(isset($_POST['submit'])){
7 | $ext_arr = array('jpg','png','gif');
8 | $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
9 | if(in_array($file_ext,$ext_arr)){
10 | $temp_file = $_FILES['upload_file']['tmp_name'];
11 | $img_path = $_POST['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
12 |
13 | if(move_uploaded_file($temp_file,$img_path)){
14 | $is_upload = true;
15 | } else {
16 | $msg = "上传失败";
17 | }
18 | } else {
19 | $msg = "只允许上传.jpg|.png|.gif类型文件!";
20 | }
21 | }
22 |
23 |
24 |
--------------------------------------------------------------------------------
/Pass-14/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-14/index.php:
--------------------------------------------------------------------------------
1 |
47 |
48 |
49 |
50 | -
51 |
任务
52 | 上传图片马到服务器。
53 | 注意:
54 | 1.保证上传后的图片马中仍然包含完整的一句话或webshell代码。
55 | 2.使用文件包含漏洞能运行图片马中的恶意代码。
56 | 3.图片马要.jpg,.png,.gif三种后缀都上传成功才算过关!
57 |
58 | -
59 |
上传区
60 |
65 |
66 |
71 |
72 |
73 | ';
76 | }
77 | ?>
78 |
79 |
80 |
85 |
86 |
代码
3 |
4 | function getReailFileType($filename){
5 | $file = fopen($filename, "rb");
6 | $bin = fread($file, 2); //只读2字节
7 | fclose($file);
8 | $strInfo = @unpack("C2chars", $bin);
9 | $typeCode = intval($strInfo['chars1'].$strInfo['chars2']);
10 | $fileType = '';
11 | switch($typeCode){
12 | case 255216:
13 | $fileType = 'jpg';
14 | break;
15 | case 13780:
16 | $fileType = 'png';
17 | break;
18 | case 7173:
19 | $fileType = 'gif';
20 | break;
21 | default:
22 | $fileType = 'unknown';
23 | }
24 | return $fileType;
25 | }
26 |
27 | $is_upload = false;
28 | $msg = null;
29 | if(isset($_POST['submit'])){
30 | $temp_file = $_FILES['upload_file']['tmp_name'];
31 | $file_type = getReailFileType($temp_file);
32 |
33 | if($file_type == 'unknown'){
34 | $msg = "文件未知,上传失败!";
35 | }else{
36 | $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").".".$file_type;
37 | if(move_uploaded_file($temp_file,$img_path)){
38 | $is_upload = true;
39 | } else {
40 | $msg = "上传出错!";
41 | }
42 | }
43 | }
44 |
45 |
46 |
--------------------------------------------------------------------------------
/Pass-15/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-15/index.php:
--------------------------------------------------------------------------------
1 | =0){
12 | return $ext;
13 | }else{
14 | return false;
15 | }
16 | }else{
17 | return false;
18 | }
19 | }
20 |
21 | $is_upload = false;
22 | $msg = null;
23 | if(isset($_POST['submit'])){
24 | $temp_file = $_FILES['upload_file']['tmp_name'];
25 | $res = isImage($temp_file);
26 | if(!$res){
27 | $msg = "文件未知,上传失败!";
28 | }else{
29 | $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").$res;
30 | if(move_uploaded_file($temp_file,$img_path)){
31 | $is_upload = true;
32 | } else {
33 | $msg = "上传出错!";
34 | }
35 | }
36 | }
37 | ?>
38 |
39 |
40 |
41 | -
42 |
任务
43 | 上传图片马到服务器。
44 | 注意:
45 | 1.保证上传后的图片马中仍然包含完整的一句话或webshell代码。
46 | 2.使用文件包含漏洞能运行图片马中的恶意代码。
47 | 3.图片马要.jpg,.png,.gif三种后缀都上传成功才算过关!
48 |
49 | -
50 |
上传区
51 |
56 |
57 |
62 |
63 |
64 | ';
67 | }
68 | ?>
69 |
70 |
71 |
76 |
77 |
代码
3 |
4 | function isImage($filename){
5 | $types = '.jpeg|.png|.gif';
6 | if(file_exists($filename)){
7 | $info = getimagesize($filename);
8 | $ext = image_type_to_extension($info[2]);
9 | if(stripos($types,$ext)>=0){
10 | return $ext;
11 | }else{
12 | return false;
13 | }
14 | }else{
15 | return false;
16 | }
17 | }
18 |
19 | $is_upload = false;
20 | $msg = null;
21 | if(isset($_POST['submit'])){
22 | $temp_file = $_FILES['upload_file']['tmp_name'];
23 | $res = isImage($temp_file);
24 | if(!$res){
25 | $msg = "文件未知,上传失败!";
26 | }else{
27 | $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").$res;
28 | if(move_uploaded_file($temp_file,$img_path)){
29 | $is_upload = true;
30 | } else {
31 | $msg = "上传出错!";
32 | }
33 | }
34 | }
35 |
36 |
37 |
--------------------------------------------------------------------------------
/Pass-16/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-16/index.php:
--------------------------------------------------------------------------------
1 |
42 |
43 |
44 |
45 | -
46 |
任务
47 | 上传图片马到服务器。
48 | 注意:
49 | 1.保证上传后的图片马中仍然包含完整的一句话或webshell代码。
50 | 2.使用文件包含漏洞能运行图片马中的恶意代码。
51 | 3.图片马要.jpg,.png,.gif三种后缀都上传成功才算过关!
52 |
53 | -
54 |
上传区
55 |
60 |
61 |
66 |
67 |
68 | ';
71 | }
72 | ?>
73 |
74 |
75 |
80 |
81 |
代码
3 |
4 | function isImage($filename){
5 | //需要开启php_exif模块
6 | $image_type = exif_imagetype($filename);
7 | switch ($image_type) {
8 | case IMAGETYPE_GIF:
9 | return "gif";
10 | break;
11 | case IMAGETYPE_JPEG:
12 | return "jpg";
13 | break;
14 | case IMAGETYPE_PNG:
15 | return "png";
16 | break;
17 | default:
18 | return false;
19 | break;
20 | }
21 | }
22 |
23 | $is_upload = false;
24 | $msg = null;
25 | if(isset($_POST['submit'])){
26 | $temp_file = $_FILES['upload_file']['tmp_name'];
27 | $res = isImage($temp_file);
28 | if(!$res){
29 | $msg = "文件未知,上传失败!";
30 | }else{
31 | $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").".".$res;
32 | if(move_uploaded_file($temp_file,$img_path)){
33 | $is_upload = true;
34 | } else {
35 | $msg = "上传出错!";
36 | }
37 | }
38 | }
39 |
40 |
41 |
--------------------------------------------------------------------------------
/Pass-17/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-17/index.php:
--------------------------------------------------------------------------------
1 |
91 |
92 |
93 |
94 | -
95 |
任务
96 | 上传图片马到服务器。
97 | 注意:
98 | 1.保证上传后的图片马中仍然包含完整的一句话或webshell代码。
99 | 2.使用文件包含漏洞能运行图片马中的恶意代码。
100 | 3.图片马要.jpg,.png,.gif三种后缀都上传成功才算过关!
101 |
102 | -
103 |
上传区
104 |
109 |
110 |
115 |
116 |
117 | ';
120 | }
121 | ?>
122 |
123 |
124 |
129 |
130 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])){
7 | // 获得上传文件的基本信息,文件名,类型,大小,临时文件路径
8 | $filename = $_FILES['upload_file']['name'];
9 | $filetype = $_FILES['upload_file']['type'];
10 | $tmpname = $_FILES['upload_file']['tmp_name'];
11 |
12 | $target_path=UPLOAD_PATH.'/'.basename($filename);
13 |
14 | // 获得上传文件的扩展名
15 | $fileext= substr(strrchr($filename,"."),1);
16 |
17 | //判断文件后缀与类型,合法才进行上传操作
18 | if(($fileext == "jpg") && ($filetype=="image/jpeg")){
19 | if(move_uploaded_file($tmpname,$target_path)){
20 | //使用上传的图片生成新的图片
21 | $im = imagecreatefromjpeg($target_path);
22 |
23 | if($im == false){
24 | $msg = "该文件不是jpg格式的图片!";
25 | @unlink($target_path);
26 | }else{
27 | //给新图片指定文件名
28 | srand(time());
29 | $newfilename = strval(rand()).".jpg";
30 | //显示二次渲染后的图片(使用用户上传图片生成的新图片)
31 | $img_path = UPLOAD_PATH.'/'.$newfilename;
32 | imagejpeg($im,$img_path);
33 | @unlink($target_path);
34 | $is_upload = true;
35 | }
36 | } else {
37 | $msg = "上传出错!";
38 | }
39 |
40 | }else if(($fileext == "png") && ($filetype=="image/png")){
41 | if(move_uploaded_file($tmpname,$target_path)){
42 | //使用上传的图片生成新的图片
43 | $im = imagecreatefrompng($target_path);
44 |
45 | if($im == false){
46 | $msg = "该文件不是png格式的图片!";
47 | @unlink($target_path);
48 | }else{
49 | //给新图片指定文件名
50 | srand(time());
51 | $newfilename = strval(rand()).".png";
52 | //显示二次渲染后的图片(使用用户上传图片生成的新图片)
53 | $img_path = UPLOAD_PATH.'/'.$newfilename;
54 | imagepng($im,$img_path);
55 |
56 | @unlink($target_path);
57 | $is_upload = true;
58 | }
59 | } else {
60 | $msg = "上传出错!";
61 | }
62 |
63 | }else if(($fileext == "gif") && ($filetype=="image/gif")){
64 | if(move_uploaded_file($tmpname,$target_path)){
65 | //使用上传的图片生成新的图片
66 | $im = imagecreatefromgif($target_path);
67 | if($im == false){
68 | $msg = "该文件不是gif格式的图片!";
69 | @unlink($target_path);
70 | }else{
71 | //给新图片指定文件名
72 | srand(time());
73 | $newfilename = strval(rand()).".gif";
74 | //显示二次渲染后的图片(使用用户上传图片生成的新图片)
75 | $img_path = UPLOAD_PATH.'/'.$newfilename;
76 | imagegif($im,$img_path);
77 |
78 | @unlink($target_path);
79 | $is_upload = true;
80 | }
81 | } else {
82 | $msg = "上传出错!";
83 | }
84 | }else{
85 | $msg = "只允许上传后缀为.jpg|.png|.gif的图片文件!";
86 | }
87 | }
88 |
89 |
90 |
--------------------------------------------------------------------------------
/Pass-18/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-18/index.php:
--------------------------------------------------------------------------------
1 |
30 |
31 |
32 |
33 | -
34 |
任务
35 | 上传一个webshell到服务器。
36 |
37 | -
38 |
上传区
39 |
44 |
45 |
50 |
51 |
52 | ';
55 | }
56 | ?>
57 |
58 |
59 |
64 |
65 |
index.php代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 |
7 | if(isset($_POST['submit'])){
8 | $ext_arr = array('jpg','png','gif');
9 | $file_name = $_FILES['upload_file']['name'];
10 | $temp_file = $_FILES['upload_file']['tmp_name'];
11 | $file_ext = substr($file_name,strrpos($file_name,".")+1);
12 | $upload_file = UPLOAD_PATH . '/' . $file_name;
13 |
14 | if(move_uploaded_file($temp_file, $upload_file)){
15 | if(in_array($file_ext,$ext_arr)){
16 | $img_path = UPLOAD_PATH . '/'. rand(10, 99).date("YmdHis").".".$file_ext;
17 | rename($upload_file, $img_path);
18 | $is_upload = true;
19 | }else{
20 | $msg = "只允许上传.jpg|.png|.gif类型文件!";
21 | unlink($upload_file);
22 | }
23 | }else{
24 | $msg = '上传出错!';
25 | }
26 | }
27 |
28 |
29 |
--------------------------------------------------------------------------------
/Pass-19/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-19/index.php:
--------------------------------------------------------------------------------
1 | upload(UPLOAD_PATH);
14 | switch ($status_code) {
15 | case 1:
16 | $is_upload = true;
17 | $img_path = $u->cls_upload_dir . $u->cls_file_rename_to;
18 | break;
19 | case 2:
20 | $msg = '文件已经被上传,但没有重命名。';
21 | break;
22 | case -1:
23 | $msg = '这个文件不能上传到服务器的临时文件存储目录。';
24 | break;
25 | case -2:
26 | $msg = '上传失败,上传目录不可写。';
27 | break;
28 | case -3:
29 | $msg = '上传失败,无法上传该类型文件。';
30 | break;
31 | case -4:
32 | $msg = '上传失败,上传的文件过大。';
33 | break;
34 | case -5:
35 | $msg = '上传失败,服务器已经存在相同名称文件。';
36 | break;
37 | case -6:
38 | $msg = '文件无法上传,文件不能复制到目标目录。';
39 | break;
40 | default:
41 | $msg = '未知错误!';
42 | break;
43 | }
44 | }
45 | ?>
46 |
47 |
48 |
49 | -
50 |
任务
51 | 上传一个webshell到服务器。
52 |
53 | -
54 |
上传区
55 |
60 |
61 |
66 |
67 |
68 | ';
71 | }
72 | ?>
73 |
74 |
75 |
80 |
81 |
\n";
309 | print "\n";
314 | */
315 | ?>
--------------------------------------------------------------------------------
/Pass-19/show_code.php:
--------------------------------------------------------------------------------
1 |
2 | index.php代码
3 |
4 | //index.php
5 | $is_upload = false;
6 | $msg = null;
7 | if (isset($_POST['submit']))
8 | {
9 | require_once("./myupload.php");
10 | $imgFileName =time();
11 | $u = new MyUpload($_FILES['upload_file']['name'], $_FILES['upload_file']['tmp_name'], $_FILES['upload_file']['size'],$imgFileName);
12 | $status_code = $u->upload(UPLOAD_PATH);
13 | switch ($status_code) {
14 | case 1:
15 | $is_upload = true;
16 | $img_path = $u->cls_upload_dir . $u->cls_file_rename_to;
17 | break;
18 | case 2:
19 | $msg = '文件已经被上传,但没有重命名。';
20 | break;
21 | case -1:
22 | $msg = '这个文件不能上传到服务器的临时文件存储目录。';
23 | break;
24 | case -2:
25 | $msg = '上传失败,上传目录不可写。';
26 | break;
27 | case -3:
28 | $msg = '上传失败,无法上传该类型文件。';
29 | break;
30 | case -4:
31 | $msg = '上传失败,上传的文件过大。';
32 | break;
33 | case -5:
34 | $msg = '上传失败,服务器已经存在相同名称文件。';
35 | break;
36 | case -6:
37 | $msg = '文件无法上传,文件不能复制到目标目录。';
38 | break;
39 | default:
40 | $msg = '未知错误!';
41 | break;
42 | }
43 | }
44 |
45 | //myupload.php
46 | class MyUpload{
47 | ......
48 | ......
49 | ......
50 | var $cls_arr_ext_accepted = array(
51 | ".doc", ".xls", ".txt", ".pdf", ".gif", ".jpg", ".zip", ".rar", ".7z",".ppt",
52 | ".html", ".xml", ".tiff", ".jpeg", ".png" );
53 |
54 | ......
55 | ......
56 | ......
57 | /** upload()
58 | **
59 | ** Method to upload the file.
60 | ** This is the only method to call outside the class.
61 | ** @para String name of directory we upload to
62 | ** @returns void
63 | **/
64 | function upload( $dir ){
65 |
66 | $ret = $this->isUploadedFile();
67 |
68 | if( $ret != 1 ){
69 | return $this->resultUpload( $ret );
70 | }
71 |
72 | $ret = $this->setDir( $dir );
73 | if( $ret != 1 ){
74 | return $this->resultUpload( $ret );
75 | }
76 |
77 | $ret = $this->checkExtension();
78 | if( $ret != 1 ){
79 | return $this->resultUpload( $ret );
80 | }
81 |
82 | $ret = $this->checkSize();
83 | if( $ret != 1 ){
84 | return $this->resultUpload( $ret );
85 | }
86 |
87 | // if flag to check if the file exists is set to 1
88 |
89 | if( $this->cls_file_exists == 1 ){
90 |
91 | $ret = $this->checkFileExists();
92 | if( $ret != 1 ){
93 | return $this->resultUpload( $ret );
94 | }
95 | }
96 |
97 | // if we are here, we are ready to move the file to destination
98 |
99 | $ret = $this->move();
100 | if( $ret != 1 ){
101 | return $this->resultUpload( $ret );
102 | }
103 |
104 | // check if we need to rename the file
105 |
106 | if( $this->cls_rename_file == 1 ){
107 | $ret = $this->renameFile();
108 | if( $ret != 1 ){
109 | return $this->resultUpload( $ret );
110 | }
111 | }
112 |
113 | // if we are here, everything worked as planned :)
114 |
115 | return $this->resultUpload( "SUCCESS" );
116 |
117 | }
118 | ......
119 | ......
120 | ......
121 | };
122 |
123 |
124 |
--------------------------------------------------------------------------------
/Pass-20/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-20/index.php:
--------------------------------------------------------------------------------
1 |
42 |
43 |
44 |
45 | -
46 |
任务
47 | 上传一个webshell到服务器。
48 |
49 | -
50 |
上传区
51 |
58 |
59 |
64 |
65 |
66 | ';
69 | }
70 | ?>
71 |
72 |
73 |
78 |
79 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if (isset($_POST['submit'])) {
7 | if (file_exists(UPLOAD_PATH)) {
8 | $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess");
9 |
10 | $file_name = $_POST['save_name'];
11 | $file_ext = pathinfo($file_name,PATHINFO_EXTENSION);
12 |
13 | if(!in_array($file_ext,$deny_ext)) {
14 | $temp_file = $_FILES['upload_file']['tmp_name'];
15 | $img_path = UPLOAD_PATH . '/' .$file_name;
16 | if (move_uploaded_file($temp_file, $img_path)) {
17 | $is_upload = true;
18 | }else{
19 | $msg = '上传出错!';
20 | }
21 | }else{
22 | $msg = '禁止保存为该类型文件!';
23 | }
24 |
25 | } else {
26 | $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
27 | }
28 | }
29 |
30 |
31 |
--------------------------------------------------------------------------------
/Pass-21/helper.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Pass-21/index.php:
--------------------------------------------------------------------------------
1 |
53 |
54 |
55 |
56 | -
57 |
任务
58 | 上传一个webshell到服务器。
59 |
60 | -
61 |
上传区
62 |
69 |
70 |
75 |
76 |
77 | ';
80 | }
81 | ?>
82 |
83 |
84 |
89 |
90 |
代码
3 |
4 | $is_upload = false;
5 | $msg = null;
6 | if(!empty($_FILES['upload_file'])){
7 | //检查MIME
8 | $allow_type = array('image/jpeg','image/png','image/gif');
9 | if(!in_array($_FILES['upload_file']['type'],$allow_type)){
10 | $msg = "禁止上传该类型文件!";
11 | }else{
12 | //检查文件名
13 | $file = empty($_POST['save_name']) ? $_FILES['upload_file']['name'] : $_POST['save_name'];
14 | if (!is_array($file)) {
15 | $file = explode('.', strtolower($file));
16 | }
17 |
18 | $ext = end($file);
19 | $allow_suffix = array('jpg','png','gif');
20 | if (!in_array($ext, $allow_suffix)) {
21 | $msg = "禁止上传该后缀文件!";
22 | }else{
23 | $file_name = reset($file) . '.' . $file[count($file) - 1];
24 | $temp_file = $_FILES['upload_file']['tmp_name'];
25 | $img_path = UPLOAD_PATH . '/' .$file_name;
26 | if (move_uploaded_file($temp_file, $img_path)) {
27 | $msg = "文件上传成功!";
28 | $is_upload = true;
29 | } else {
30 | $msg = "文件上传失败!";
31 | }
32 | }
33 | }
34 | }else{
35 | $msg = "请选择要上传的文件!";
36 | }
37 |
38 |
39 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 | 
3 |
4 |
5 |
6 | 
7 | 
8 | 
9 |
10 |
11 | ---
12 |
13 | **upload-labs是一个使用php语言编写的,专门收集渗透测试和CTF中遇到的各种上传漏洞的靶场。旨在帮助大家对上传漏洞有一个全面的了解。目前一共20关,每一关都包含着不同上传方式。**
14 |
15 | ## 0x01 Screenshot
16 |
17 | #### 1.1 主界面
18 |
19 | 
20 |
21 | #### 1.2 每一关
22 |
23 | 
24 |
25 | #### 1.3 查看代码
26 |
27 | 
28 |
29 | ## 0x02 Install
30 |
31 | #### 2.1 环境要求
32 |
33 | 若要自己亲自搭建环境,请按照以下配置环境,方可正常运行每个Pass。
34 |
35 | |配置项|配置|描述|
36 | |:---|:---|:---|
37 | |操作系统|Window or Linux|推荐使用Windows,除了Pass-19必须在linux下,其余Pass都可以在Windows上运行|
38 | |PHP版本|推荐5.2.17|其他版本可能会导致部分Pass无法突破|
39 | |PHP组件|php_gd2,php_exif|部分Pass依赖这两个组件|
40 | |中间件|设置Apache以moudel方式连接||
41 |
42 | #### 2.2 Windows快速搭建
43 |
44 | 项目提供了一个Windows下,按照以上配置要求配置好的集成环境
45 |
46 | 下载地址:https://github.com/c0ny1/upload-labs/releases
47 |
48 | 集成环境绿色免安装,解压即可使用。
49 |
50 | #### 2.3 Linux快速搭建
51 |
52 | 创建镜像
53 |
54 | ```
55 | $ cd upload-labs/docker
56 | $ docker build -t upload-labs .
57 | ```
58 |
59 | 或
60 |
61 | ```
62 | $ docker pull c0ny1/upload-labs
63 | ```
64 |
65 | 创建容器
66 |
67 | ```
68 | $ docker run -d -p 80:80 upload-labs:latest
69 | ```
70 |
71 | ## 0x03 Summary
72 |
73 | #### 3.1 靶机包含漏洞类型分类
74 |
75 | 
76 |
77 | #### 3.2 如何判断上传漏洞类型?
78 |
79 | 
80 |
81 | ## 0x04 Thanks
82 |
83 | * 感谢[小小黄](https://github.com/xiaoxiaoki)做的logo
84 |
--------------------------------------------------------------------------------
/common.php:
--------------------------------------------------------------------------------
1 | 0;$i--){
4 | $c = substr($s,$i,1);
5 | if($i == strlen($s)-1 and $c != '.'){
6 | return $s;
7 | }
8 |
9 | if($c != '.'){
10 | return substr($s,0,$i+1);
11 | }
12 | }
13 | }
14 | ?>
--------------------------------------------------------------------------------
/config.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/css/index.css:
--------------------------------------------------------------------------------
1 | /**
2 | * author: c0ny1
3 | * date: 2018-6-13
4 | * project: https://github.com/c0ny1/upload-labs
5 | */
6 |
7 | body{
8 | margin: 0 0 0 0;
9 | min-width: 1340px;/*防止窗口变小导致页面变形*/
10 | background: #333333;
11 | font-family: Lato, "Helvetica Neue", Helvetica, Arial, "Microsoft Yahei", 微软雅黑, sans-serif;
12 | }
13 |
14 | #head{
15 | width: 100%;
16 | margin: 0px auto;
17 | margin-bottom: 10px;
18 | min-width: 1050px;
19 | }
20 |
21 | #head_menu a{
22 | background: #FFCC00;
23 | margin: 10px 10px 10px 10px;
24 | padding: 8px;
25 | -webkit-border-radius:5px;
26 | font-family: 黑体;
27 | color: #333333;
28 | text-decoration: none;
29 | font-size: 13px;
30 | font-weight: bold;
31 | }
32 |
33 | #head img{
34 | margin-top: 10px;
35 | height: 45px;
36 | }
37 |
38 | #head_menu{
39 | min-width: 250px;
40 | margin: 20px 40px 10px 10px;
41 | float: right;
42 | }
43 |
44 | ol{
45 | list-style:none;
46 | }
47 |
48 | ol li h3{
49 | font-family:"Arista2",helvetica,sans-serif;
50 | color: #E05D04;
51 | font-size: 18px;
52 | }
53 |
54 | p{
55 | color:#fff;
56 | margin: 15px 0px;
57 | letter-spacing: 5px;
58 | font-size: 14px;
59 | }
60 |
61 | p code {
62 | background: #323232;
63 | font-size: .8em;
64 | padding: 4px;
65 | margin-right: 5px;
66 | color: #fff55c;
67 | -webkit-border-radius:5px;
68 | letter-spacing: 0px;
69 | }
70 |
71 | #img{
72 | margin-top:20px;
73 | margin-left: 20px;
74 | }
75 |
76 | #main{
77 | border: 1px #ddd;
78 | width: 100%;
79 | float: left;
80 | border: 1px solid #000;
81 | padding-top: 20px;
82 | padding-bottom: 20px;
83 | }
84 |
85 | #menu{
86 | float: left;
87 | width: 10%;
88 | padding: 10 10 10 10;
89 | min-width: 100px;
90 | margin-left: 40px;
91 |
92 | }
93 |
94 | #menu ul{
95 | margin: 0 0 0 0;
96 | padding: 0 0 0 0;
97 | }
98 |
99 | #menu ul li{
100 | list-style-type:none;
101 | text-align: center;
102 | margin-bottom: 5px;
103 | }
104 |
105 | #menu ul li a{
106 | color: #FDA162;
107 | text-decoration: none;
108 | font-size: 16px;
109 | padding: 5 30 5 30;
110 | }
111 |
112 | #menu ul li a:hover{
113 | color: #E05D04;
114 | background: #252525;
115 | -webkit-border-radius:5px;
116 | }
117 |
118 | .a_is_selected{
119 | color: #E05D04;
120 | background: #252525;
121 | -webkit-border-radius:5px;
122 | padding: 5 30 5 30;
123 | }
124 |
125 | #upload_panel{
126 | float: right;
127 | width: 78%;
128 | min-width: 500px;
129 | padding: 10 10 10 10;
130 | margin-right: 80px;
131 | background: #444444;
132 | -webkit-border-radius:5px;
133 | }
134 |
135 | #upload_panel ol{
136 | padding-right: 40px;
137 | }
138 |
139 | #upload_panel a{
140 | text-decoration: none;
141 | padding: 0px 0px 1px 0px;
142 | color: #fff55c;
143 | }
144 |
145 | #upload_panel a:hover {
146 | border-bottom:2px solid #FDA162;
147 | }
148 |
149 | .input_file{
150 | -webkit-border-radius: 5px;
151 | background: #323232;
152 | border: 0px;
153 | }
154 |
155 | .input_text{
156 | padding: 5px;
157 | width: 240px;
158 | height: 22px;
159 | line-height: 22px;
160 | border: 0px;
161 | -webkit-border-radius: 5px;
162 | color: #888888;
163 | background: #323232;
164 | }
165 |
166 | .button{
167 | background: #FFCC00;
168 | margin: 10px;
169 | padding: 4px;
170 | -webkit-border-radius:5px;
171 | font-family:黑体;
172 | border:0px;
173 | }
174 | #msg{
175 | color:red;
176 | }
177 |
178 | #img img{
179 | border:1px solid #000;
180 | }
181 | #footer{
182 | color: #C1C1C1;
183 | float: left;
184 | background: #222222;
185 | width: 100%;
186 | line-height: 50px;
187 | }
188 |
189 | #footer a{
190 | text-decoration: none;
191 | color: #A5041D;
192 | }
193 |
194 | .mask {
195 | width:100%;
196 | height:100%;
197 | background:rgba(0,0,0,0.6);
198 | display:none;
199 | position:fixed;
200 | _position:absolute;
201 | top:0; left:0;
202 | z-index:99;
203 | }
204 |
205 | .dialog {
206 | min-height:120px;
207 | background:#393D48;
208 | color:#fff;display:none;
209 | position:fixed; top:20%;
210 | left:50%;
211 | z-index:100;
212 | box-shadow:3px 3px 5px #000;
213 | -webkit-border-radius: 5px;
214 | }
215 |
216 | .dialog-title {
217 | background:#91440F;
218 | width:100%;
219 | height: 30px;
220 | line-height: 30px;
221 | text-align: center;
222 | -webkit-border-radius: 5px 5px 0px 0px;
223 | }
224 |
225 | .dialog a.close {
226 | display:block;
227 | width:22px;
228 | height:22px;
229 | background:url(../img/close.png) center no-repeat #91440F;
230 | text-indent:-9999em;
231 | margin-right: 10px;
232 | margin-top: 5px;
233 | }
234 |
235 | .dialog a.close {
236 | position:absolute; top:0;
237 | right:0;
238 | z-index:101;
239 | }
240 |
241 | .dialog.loading {
242 | background:url(../img/loading.gif) center no-repeat #393D48;
243 | }
244 |
245 | .dialog-content {
246 | line-height: 20px;
247 | padding:22px 10px 10px 10px;
248 | border-top: 1px solid #000;
249 | -webkit-border-radius: 0px 0px 5px 5px;
250 | /*过长文本自动换行*/
251 | word-break: break-all;
252 | word-wrap: break-word;
253 | }
--------------------------------------------------------------------------------
/css/prism.css:
--------------------------------------------------------------------------------
1 | /* PrismJS 1.14.0
2 | http://prismjs.com/download.html#themes=prism-twilight&languages=markup+clike+javascript+markup-templating+php+php-extras&plugins=line-numbers */
3 | /**
4 | * prism.js Twilight theme
5 | * Based (more or less) on the Twilight theme originally of Textmate fame.
6 | * @author Remy Bach
7 | */
8 | code[class*="language-"],
9 | pre[class*="language-"] {
10 | color: white;
11 | background: none;
12 | font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;
13 | text-align: left;
14 | text-shadow: 0 -.1em .2em black;
15 | white-space: pre;
16 | word-spacing: normal;
17 | word-break: normal;
18 | word-wrap: normal;
19 | line-height: 1.5;
20 |
21 | -moz-tab-size: 4;
22 | -o-tab-size: 4;
23 | tab-size: 4;
24 |
25 | -webkit-hyphens: none;
26 | -moz-hyphens: none;
27 | -ms-hyphens: none;
28 | hyphens: none;
29 | }
30 |
31 | pre[class*="language-"],
32 | :not(pre) > code[class*="language-"] {
33 | background: hsl(0, 0%, 8%); /* #141414 */
34 | }
35 |
36 | /* Code blocks */
37 | pre[class*="language-"] {
38 | border-radius: .5em;
39 | border: .3em solid hsl(0, 0%, 33%); /* #282A2B */
40 | box-shadow: 1px 1px .5em black inset;
41 | margin: .5em 0;
42 | overflow: auto;
43 | padding: 1em;
44 | }
45 |
46 | pre[class*="language-"]::-moz-selection {
47 | /* Firefox */
48 | background: hsl(200, 4%, 16%); /* #282A2B */
49 | }
50 |
51 | pre[class*="language-"]::selection {
52 | /* Safari */
53 | background: hsl(200, 4%, 16%); /* #282A2B */
54 | }
55 |
56 | /* Text Selection colour */
57 | pre[class*="language-"]::-moz-selection, pre[class*="language-"] ::-moz-selection,
58 | code[class*="language-"]::-moz-selection, code[class*="language-"] ::-moz-selection {
59 | text-shadow: none;
60 | background: hsla(0, 0%, 93%, 0.15); /* #EDEDED */
61 | }
62 |
63 | pre[class*="language-"]::selection, pre[class*="language-"] ::selection,
64 | code[class*="language-"]::selection, code[class*="language-"] ::selection {
65 | text-shadow: none;
66 | background: hsla(0, 0%, 93%, 0.15); /* #EDEDED */
67 | }
68 |
69 | /* Inline code */
70 | :not(pre) > code[class*="language-"] {
71 | border-radius: .3em;
72 | border: .13em solid hsl(0, 0%, 33%); /* #545454 */
73 | box-shadow: 1px 1px .3em -.1em black inset;
74 | padding: .15em .2em .05em;
75 | white-space: normal;
76 | }
77 |
78 | .token.comment,
79 | .token.prolog,
80 | .token.doctype,
81 | .token.cdata {
82 | color: hsl(0, 0%, 47%); /* #777777 */
83 | }
84 |
85 | .token.punctuation {
86 | opacity: .7;
87 | }
88 |
89 | .namespace {
90 | opacity: .7;
91 | }
92 |
93 | .token.tag,
94 | .token.boolean,
95 | .token.number,
96 | .token.deleted {
97 | color: hsl(14, 58%, 55%); /* #CF6A4C */
98 | }
99 |
100 | .token.keyword,
101 | .token.property,
102 | .token.selector,
103 | .token.constant,
104 | .token.symbol,
105 | .token.builtin {
106 | color: hsl(53, 89%, 79%); /* #F9EE98 */
107 | }
108 |
109 | .token.attr-name,
110 | .token.attr-value,
111 | .token.string,
112 | .token.char,
113 | .token.operator,
114 | .token.entity,
115 | .token.url,
116 | .language-css .token.string,
117 | .style .token.string,
118 | .token.variable,
119 | .token.inserted {
120 | color: hsl(76, 21%, 52%); /* #8F9D6A */
121 | }
122 |
123 | .token.atrule {
124 | color: hsl(218, 22%, 55%); /* #7587A6 */
125 | }
126 |
127 | .token.regex,
128 | .token.important {
129 | color: hsl(42, 75%, 65%); /* #E9C062 */
130 | }
131 |
132 | .token.important,
133 | .token.bold {
134 | font-weight: bold;
135 | }
136 | .token.italic {
137 | font-style: italic;
138 | }
139 |
140 | .token.entity {
141 | cursor: help;
142 | }
143 |
144 | pre[data-line] {
145 | padding: 1em 0 1em 3em;
146 | position: relative;
147 | }
148 |
149 | /* Markup */
150 | .language-markup .token.tag,
151 | .language-markup .token.attr-name,
152 | .language-markup .token.punctuation {
153 | color: hsl(33, 33%, 52%); /* #AC885B */
154 | }
155 |
156 | /* Make the tokens sit above the line highlight so the colours don't look faded. */
157 | .token {
158 | position: relative;
159 | z-index: 1;
160 | }
161 |
162 | .line-highlight {
163 | background: hsla(0, 0%, 33%, 0.25); /* #545454 */
164 | background: linear-gradient(to right, hsla(0, 0%, 33%, .1) 70%, hsla(0, 0%, 33%, 0)); /* #545454 */
165 | border-bottom: 1px dashed hsl(0, 0%, 33%); /* #545454 */
166 | border-top: 1px dashed hsl(0, 0%, 33%); /* #545454 */
167 | left: 0;
168 | line-height: inherit;
169 | margin-top: 0.75em; /* Same as .prism’s padding-top */
170 | padding: inherit 0;
171 | pointer-events: none;
172 | position: absolute;
173 | right: 0;
174 | white-space: pre;
175 | z-index: 0;
176 | }
177 |
178 | .line-highlight:before,
179 | .line-highlight[data-end]:after {
180 | background-color: hsl(215, 15%, 59%); /* #8794A6 */
181 | border-radius: 999px;
182 | box-shadow: 0 1px white;
183 | color: hsl(24, 20%, 95%); /* #F5F2F0 */
184 | content: attr(data-start);
185 | font: bold 65%/1.5 sans-serif;
186 | left: .6em;
187 | min-width: 1em;
188 | padding: 0 .5em;
189 | position: absolute;
190 | text-align: center;
191 | text-shadow: none;
192 | top: .4em;
193 | vertical-align: .3em;
194 | }
195 |
196 | .line-highlight[data-end]:after {
197 | bottom: .4em;
198 | content: attr(data-end);
199 | top: auto;
200 | }
201 |
202 | pre.line-numbers {
203 | position: relative;
204 | padding-left: 3.8em;
205 | counter-reset: linenumber;
206 | }
207 |
208 | pre.line-numbers > code {
209 | position: relative;
210 | white-space: inherit;
211 | }
212 |
213 | .line-numbers .line-numbers-rows {
214 | position: absolute;
215 | pointer-events: none;
216 | top: 0;
217 | font-size: 100%;
218 | left: -3.8em;
219 | width: 3em; /* works for line-numbers below 1000 lines */
220 | letter-spacing: -1px;
221 | border-right: 1px solid #999;
222 |
223 | -webkit-user-select: none;
224 | -moz-user-select: none;
225 | -ms-user-select: none;
226 | user-select: none;
227 |
228 | }
229 |
230 | .line-numbers-rows > span {
231 | pointer-events: none;
232 | display: block;
233 | counter-increment: linenumber;
234 | }
235 |
236 | .line-numbers-rows > span:before {
237 | content: counter(linenumber);
238 | color: #999;
239 | display: block;
240 | padding-right: 0.8em;
241 | text-align: right;
242 | }
243 |
--------------------------------------------------------------------------------
/doc/code.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/upload-labs/3a0ff865d41d93ea7d57a91e837f084d9d2318e5/doc/code.jpg
--------------------------------------------------------------------------------
/doc/index.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/upload-labs/3a0ff865d41d93ea7d57a91e837f084d9d2318e5/doc/index.jpg
--------------------------------------------------------------------------------
/doc/mind-map.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/upload-labs/3a0ff865d41d93ea7d57a91e837f084d9d2318e5/doc/mind-map.png
--------------------------------------------------------------------------------
/doc/pass.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/upload-labs/3a0ff865d41d93ea7d57a91e837f084d9d2318e5/doc/pass.jpg
--------------------------------------------------------------------------------
/doc/sum_up.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/upload-labs/3a0ff865d41d93ea7d57a91e837f084d9d2318e5/doc/sum_up.png
--------------------------------------------------------------------------------
/docker/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM php:5.5-apache
2 |
3 | MAINTAINER c0ny1
4 | ENV LC_ALL C.UTF-8
5 | ENV TZ=Asia/Shanghai
6 |
7 | COPY . /tmp/
8 |
9 | # config apache && php
10 | RUN cp /tmp/docker-php.conf /etc/apache2/conf-available/docker-php.conf &&\
11 | cp /tmp/php.ini /usr/local/etc/php/ &&\
12 | cp /tmp/php.ini /usr/local/etc/php/conf.d/
13 |
14 | # install git && php ext
15 | RUN apt-get update && \
16 | apt-get install -y libgd-dev &&\
17 | apt-get install -y git &&\
18 | docker-php-ext-install gd &&\
19 | docker-php-ext-enable gd &&\
20 | docker-php-ext-install exif &&\
21 | docker-php-ext-enable exif &&\
22 | rm -rf /var/lib/apt/lists/*
23 |
24 | # install upload-labs
25 | RUN cd /tmp/ &&\
26 | git clone https://github.com/c0ny1/upload-labs.git &&\
27 | rm -rf /var/wwww/html/* &&\
28 | mv /tmp/upload-labs/* /var/www/html/ &&\
29 | chown www-data:www-data -R /var/www/html/ && \
30 | rm -rf /tmp/*
31 |
32 | EXPOSE 80
33 |
--------------------------------------------------------------------------------
/docker/docker-php.conf:
--------------------------------------------------------------------------------
1 | #
2 | # SetHandler application/x-httpd-php
3 | #
4 |
5 | AddHandler application/x-httpd-php .php .php3 .phtml
6 |
7 | DirectoryIndex disabled
8 | DirectoryIndex index.php index.html
9 |
10 |
11 | Options -Indexes
12 | AllowOverride All
13 |
14 |
--------------------------------------------------------------------------------
/docker/php.ini:
--------------------------------------------------------------------------------
1 | [PHP]
2 | engine = On
3 | short_open_tag = Off
4 | asp_tags = Off
5 | precision = 14
6 | output_buffering = 4096
7 | zlib.output_compression = Off
8 | implicit_flush = Off
9 | unserialize_callback_func =
10 | serialize_precision = 17
11 | disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
12 | disable_classes =
13 | zend.enable_gc = On
14 | magic_quotes_gpc = Off
15 | expose_php = Off
16 | max_execution_time = 30
17 | max_input_time = 60
18 | memory_limit = 128M
19 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
20 | display_errors = Off
21 | display_startup_errors = Off
22 | log_errors = On
23 | log_errors_max_len = 1024
24 | ignore_repeated_errors = Off
25 | ignore_repeated_source = Off
26 | report_memleaks = On
27 | track_errors = Off
28 | html_errors = On
29 | variables_order = "GPCS"
30 | request_order = "GP"
31 | register_argc_argv = Off
32 | auto_globals_jit = On
33 | post_max_size = 8M
34 | auto_prepend_file =
35 | auto_append_file =
36 | default_mimetype = "text/html"
37 | default_charset = "UTF-8"
38 | doc_root =
39 | user_dir =
40 | enable_dl = Off
41 | file_uploads = On
42 | upload_max_filesize = 8M
43 | max_file_uploads = 20
44 | allow_url_fopen = On
45 | allow_url_include = On
46 | default_socket_timeout = 60
47 | [CLI Server]
48 | cli_server.color = On
49 | [Date]
50 | [filter]
51 | [iconv]
52 | [intl]
53 | [sqlite3]
54 | [Pcre]
55 | [Pdo]
56 | [Pdo_mysql]
57 | pdo_mysql.cache_size = 2000
58 | pdo_mysql.default_socket=
59 | [Phar]
60 | [mail function]
61 | SMTP = localhost
62 | smtp_port = 25
63 | mail.add_x_header = On
64 | [SQL]
65 | sql.safe_mode = Off
66 | [ODBC]
67 | odbc.allow_persistent = On
68 | odbc.check_persistent = On
69 | odbc.max_persistent = -1
70 | odbc.max_links = -1
71 | odbc.defaultlrl = 4096
72 | odbc.defaultbinmode = 1
73 | [Interbase]
74 | ibase.allow_persistent = 1
75 | ibase.max_persistent = -1
76 | ibase.max_links = -1
77 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
78 | ibase.dateformat = "%Y-%m-%d"
79 | ibase.timeformat = "%H:%M:%S"
80 | [MySQL]
81 | mysql.allow_local_infile = On
82 | mysql.allow_persistent = On
83 | mysql.cache_size = 2000
84 | mysql.max_persistent = -1
85 | mysql.max_links = -1
86 | mysql.default_port =
87 | mysql.default_socket =
88 | mysql.default_host =
89 | mysql.default_user =
90 | mysql.default_password =
91 | mysql.connect_timeout = 60
92 | mysql.trace_mode = Off
93 | [MySQLi]
94 | mysqli.max_persistent = -1
95 | mysqli.allow_persistent = On
96 | mysqli.max_links = -1
97 | mysqli.cache_size = 2000
98 | mysqli.default_port = 3306
99 | mysqli.default_socket =
100 | mysqli.default_host =
101 | mysqli.default_user =
102 | mysqli.default_pw =
103 | mysqli.reconnect = Off
104 | [mysqlnd]
105 | mysqlnd.collect_statistics = On
106 | mysqlnd.collect_memory_statistics = Off
107 | [OCI8]
108 | [PostgreSQL]
109 | pgsql.allow_persistent = On
110 | pgsql.auto_reset_persistent = Off
111 | pgsql.max_persistent = -1
112 | pgsql.max_links = -1
113 | pgsql.ignore_notice = 0
114 | pgsql.log_notice = 0
115 | [Sybase-CT]
116 | sybct.allow_persistent = On
117 | sybct.max_persistent = -1
118 | sybct.max_links = -1
119 | sybct.min_server_severity = 10
120 | sybct.min_client_severity = 10
121 | [bcmath]
122 | bcmath.scale = 0
123 | [browscap]
124 | [Session]
125 | session.save_handler = files
126 | session.use_strict_mode = 0
127 | session.use_cookies = 1
128 | session.use_only_cookies = 1
129 | session.name = PHPSESSID
130 | session.auto_start = 0
131 | session.cookie_lifetime = 0
132 | session.cookie_path = /
133 | session.cookie_domain =
134 | session.cookie_httponly =
135 | session.serialize_handler = php
136 | session.gc_probability = 0
137 | session.gc_divisor = 1000
138 | session.gc_maxlifetime = 1440
139 | session.referer_check =
140 | session.cache_limiter = nocache
141 | session.cache_expire = 180
142 | session.use_trans_sid = 0
143 | session.hash_function = 0
144 | session.hash_bits_per_character = 5
145 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
146 | [MSSQL]
147 | mssql.allow_persistent = On
148 | mssql.max_persistent = -1
149 | mssql.max_links = -1
150 | mssql.min_error_severity = 10
151 | mssql.min_message_severity = 10
152 | mssql.compatibility_mode = Off
153 | mssql.secure_connection = Off
154 | [Assertion]
155 | [COM]
156 | [mbstring]
157 | [gd]
158 | [exif]
159 |
160 | [Tidy]
161 | tidy.clean_output = Off
162 | [soap]
163 | soap.wsdl_cache_enabled=1
164 | soap.wsdl_cache_dir="/tmp"
165 | soap.wsdl_cache_ttl=86400
166 | soap.wsdl_cache_limit = 5
167 | [sysvshm]
168 | [ldap]
169 | ldap.max_links = -1
170 | [mcrypt]
171 | [dba]
172 | [opcache]
173 | [curl]
174 | [openssl]
175 |
--------------------------------------------------------------------------------
/footer.php:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
10 |
11 |