php

idn_to_ascii() in 5.2.17

旧巷老猫 提交于 2021-02-20 11:50:45
问题 There's a very handy function idn_to_ascii() in PHP 5.3, but I'm running 5.2.17 and I can't change that. How do I encode Unicode domain names to ascii then? 回答1: Peter's answer gives you the official IDN functions in PHP 5.2, and if possible it's probably the best answer. However some users will be unable to install a PECL library on their PHP system, so they would need to have a conversion library written in plain PHP which they can just include within their own code. Fortunately there is a

通达OA任意文件上传漏洞详细分析

谁说胖子不能爱 提交于 2021-02-20 11:39:03
影响 影响范围(但是只有V11版和2017版有包含文件的php,其余版本能上传文件.): V11版 2017版 2016版 2015版 2013增强版 2013版。 这个漏洞是几个月前的漏洞,主要是学习一下这个漏洞代码的形成原理和调式过程。 该漏洞主要是通过绕过身份验证的情况下上传文件,然后通过文件包含漏洞实现代 码执行 代码分析 源码经过zend 5.4加密,解密工具: SeayDzend,可以自行百度下载 在线解密 http://dezend.qiling.org/free.html 任意文件上传的关键文件 webroot\ispirit\im\upload.php 代码分析: 可以看到只要判断P参数是否不为空,就开启了session 没有P参数时候 有的时候 继续往下走 判断DEST_UID是否不为空,否则就会退出 判断DEST_UID=0的时候,如果UPLOAD_MODE不等于2就直接退出了 判断DEST_UID不等于0的时候直接判断$_FILES数量是否有,也就是判断有没有上传文件 这里可以是第二个情况,DEST_UID=0,UPLOAD_MODE=2进行下一步 也可以是DEST_UID不为0进入下一步 继续往下走 可以这里又if语判断上传的模式,我们来看看上传的模式有哪几种,可以看到总共有1,2,3,其中1,2,3如果成功了是有回显的 这里设置upload_mode为1

Replace $x<y$ by $x < y$

左心房为你撑大大i 提交于 2021-02-20 11:24:56
问题 I want to search in text for the less than sign < between dollar signs like $x<y$ and replace it by $x < y$ . I am using mathjax and less than sign causes some problems in rendering Mathjax.(See here: http://docs.mathjax.org/en/latest/tex.html#tex-and-latex-in-html-documents). I tried $text = preg_replace("/\$(.*?)(<)(.*?)\$/","/\$$1 < $3\$/",$text) but I am not sure if this is a good solution. I am new to programming:) Thank you for your help. 回答1: I edited my previous answer - now try this:

通达OA-感染勒索病毒漏洞分析

不羁岁月 提交于 2021-02-20 11:04:21
No.1 声明 由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,雷神众测以及文章作者不为此承担任何责任。 雷神众测拥有对此文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的完整性,包括版权声明等全部内容。未经雷神众测允许,不得任意修改或者增减此文章内容,不得以任何方式将其用于商业目的。 No.2 引言 开篇的首先感谢l1nk3r大佬的帮助。 前天看到通达OA官方发布的一则更新公告 http://club.tongda2000.com/forum.php?mod=viewthread&tid=128377&extra=page%3D1 No.3 第一个漏洞点 下了2017版本和最新版本的代码(这里遇到了一个坑点,2017版本的相当于只有漏洞的一半,为啥是一半后面会提到) 下载地址如下:http://www.tongda2000.com/download/2017.php 打开以后发现php代码都是混淆过后的(sublime打开如下图所示,用其他编辑器打开是乱码) 通达OA的代码加密方式用的是zend,网上找在线解密即可 也可以下载批量解密工具进行解密 然后我下载了对应版本的补丁包。通过查看补丁包发现主要是针对某一个文件进行补丁 然后针对未打补丁的和打补丁的进行对比查看,发现主要不同点在include_once('auth.php')这里

通达OA权限提升漏洞通告

99封情书 提交于 2021-02-20 10:50:21
0x00 漏洞背景 2020年04月22日, 360CERT监测发现 通达OA官方 发布了编号为 11.5.200417 的更新通告,此次更新修复了一枚权限提升漏洞,漏洞等级: 高危 。 通达OA是由北京通达信科科技有限公司研发的一款通用型OA产品,涵盖了个人事务、行政办公、流程审批、知识管理、人力资源管理、组织机构管理等企业信息化管理功能。2015年,通达云OA入驻阿里云企业应用专区,已为众多中小企业提供了稳定、可靠、强悍的云计算支撑。 通达OA 存在 权限提升漏洞 , 攻击者 通过 发送特制请求包 ,可以造成 权限提升(未认证用户提升到管理员) 。 对此,360CERT建议广大用户及时安装最新补丁,做好资产自查以及预防工作,以免遭受黑客攻击。 0x01 风险等级 360CERT对该漏洞的评定结果如下 评定方式 等级 威胁等级 高危 影响面 有限 0x02 漏洞详情 在 通达OA 存在如下代码逻辑 $UID = intval( $_POST [ "UID" ]); ... $query = "SELECT * from USER where UID=' $UID '" ; if($ROW = mysql_fetch_array( $cursor )){ $USER_ID = $ROW [ "USER_ID" ]; $PWD = $ROW [ "PASSWORD" ];

MongoDB select distinct and where

心不动则不痛 提交于 2021-02-20 10:17:23
问题 So I'm doing a select distinct which works, but I also want to add another key. $data = $this->db->command(array("distinct" => "scores","key"=>"target_user")); I need something like this: SELECT DISTINCT target_user FROM scores where seen = 1 Can it be done in mongo? 回答1: You can do it as follows by using distinct query : db.scores.distinct("target_user", {"seen":1}) Running distinct query using Aggregate Framework is shown below. Inserted following records into MongoDB. db.scores.insert(

MongoDB select distinct and where

旧城冷巷雨未停 提交于 2021-02-20 10:16:56
问题 So I'm doing a select distinct which works, but I also want to add another key. $data = $this->db->command(array("distinct" => "scores","key"=>"target_user")); I need something like this: SELECT DISTINCT target_user FROM scores where seen = 1 Can it be done in mongo? 回答1: You can do it as follows by using distinct query : db.scores.distinct("target_user", {"seen":1}) Running distinct query using Aggregate Framework is shown below. Inserted following records into MongoDB. db.scores.insert(

Customizing loop product image via a hook in Woocommerce

萝らか妹 提交于 2021-02-20 10:11:29
问题 I am customizing woocommerce themes. I stuck on loop product using hook action woocommerce. To call/include the thumbnail image in a loop, we call this hook <?php do_action('woocommerce_before_shop_loop_item_title'); ?> And the thumbnail image appears. I am confused where is the <img src"" .... location? How to edit that code? Thanks 回答1: The hook woocommerce_before_shop_loop_item_title load the image from this function code: if ( ! function_exists( 'woocommerce_template_loop_product

PHP SoapClient malformed xml

久未见 提交于 2021-02-20 09:17:33
问题 I'm communicating with a webservice in SOAP with php. Here's my code : $data = array('name' => 'test', 'age' => 20); $WDSL = 'http://xxx.xxxxx.xxx/wdsl.ibs?wsdl'; $SOAP = new SoapClient($WDSL, array('trace' => true)); $RESULT = $SOAP->__soapCall('Some_Service', $data); For some reason, the XML is wrong : <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:Some_Crap"><SOAP-ENV:Body><ns1:Some_Service/><param1>test<

PHP SoapClient malformed xml

邮差的信 提交于 2021-02-20 09:10:56
问题 I'm communicating with a webservice in SOAP with php. Here's my code : $data = array('name' => 'test', 'age' => 20); $WDSL = 'http://xxx.xxxxx.xxx/wdsl.ibs?wsdl'; $SOAP = new SoapClient($WDSL, array('trace' => true)); $RESULT = $SOAP->__soapCall('Some_Service', $data); For some reason, the XML is wrong : <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:Some_Crap"><SOAP-ENV:Body><ns1:Some_Service/><param1>test<