-CentOS apm1
php
--
-1.
2.
3.
4.
5.
6.
7.
-
php
(, ... )
php & DB (MySQL, Oracle, MS-SQL ...)
OWASP Top 10
php
DoS php
:
:
# apachectl restart
4. php webuser
- php /home/webuser/public_html .
: \\php\source
# chown -R webuser.webuser /home/webuser/public_html/source
5. editplus ftp
- http://editplus.co.kr .
-> FTP -> FTP ->
: centos5.8
FTP : 192.168.20.223
Username : webuser
Password : webuser's passwd
: public_html
:
: sftp
: 22
.
centos5.8
~ .
===========================================================
1. CGI .
2. .
3. .
===========================================================
# cd /usr/local/apache/cgi-bin
# chmod 755 *
# vi test.c
-- test.c -#include <stdio.h>
/* Smallest possible CGI program: a Content-type header, the mandatory blank
 * line, then a one-line HTML body. */
int main(void)
{
    /* The empty line after the header is what ends the CGI header block. */
    fputs("Content-type: text/html\n\n", stdout);
    fputs("<center> Hello cgi </center>", stdout);
    return 0;
}
-- test.c -# gcc -o test.cgi test.c
# ./test.cgi
-
http://192.168.20.223/cgi-bin/printenv
http://192.168.20.223/cgi-bin/test-cgi
http://192.168.20.223/cgi-bin/test.cgi
- /usr/local/apache/cgi-bin
cgi
cgi .
# vi ../conf/httpd.conf
-- ../conf/httpd.conf -:
DirectoryIndex index.html index.php index.cgi
:
# Lab virtual host for the webuser site; everything is served from
# /home/webuser/public_html.
<VirtualHost *:80>
#ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /home/webuser/public_html
ServerName 192.168.56.102
# NOTE(review): ErrorLog and CustomLog appear here with their argument on
# the following line -- presumably a wrapped listing; in the real file each
# directive and its value must be on one line.
ErrorLog
logs/192.168.56.102-error_log
CustomLog
logs/192.168.56.102-access_log common
# "Indexes" makes Apache list a directory that has no DirectoryIndex file,
# so every file under the document root is discoverable by browsing.
<Directory "/home/webuser/public_html">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# CGI execution is enabled for the cgi subdirectory only. "Options ExecCGI"
# (no leading +) replaces the parent's option list, so Indexes/FollowSymLinks
# do not apply here; only .cgi and .pl files are run as scripts.
<Directory "/home/webuser/public_html/cgi">
Options ExecCGI
AddHandler cgi-script .cgi .pl
</Directory>
</VirtualHost>
-- ../conf/httpd.conf -# apachectl restart
$ cd public_html
$ mkdir cgi; cd cgi
$ vi index.c
-- index.c -#include <stdio.h>
/* CGI entry point: writes a small HTML page whose title and body text come
 * from two fixed strings. */
int main(void)
{
    const char *title = "Welcome to my server!";
    const char *body  = " <font color=red size=7>hello</font>";

    /* CGI header; the blank line separates it from the document. */
    fputs("Content-type: text/html\n\n", stdout);
    fputs("<html>\n", stdout);
    printf("<head><title> %s </title></head>\n", title);
    fputs("<body>\n<center>\n", stdout);
    printf(" %s \n", body);
    fputs("</center>\n</body>\n</html>", stdout);
    return 0;
}
-- index.c --
:
- .
http://192.168.20.223/cgi/
-
cgi html
.
# telnet 192.168.56.102 80
Trying 192.168.56.102...
Connected to 192.168.56.102 (192.168.56.102).
Escape character is '^]'.
GET /cgi/ HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 07 Jul 2015 05:13:50 GMT
Server: Apache/1.3.41 (Unix) PHP/4.4.8
Connection: close
Content-Type: text/html
<html>
<head><title> Welcome to my server! </title></head>
<body>
<center>
<font color=red size=7>hello</font>
</center>
</body>
</html>
===========================================================
===========================================================
LAB> php
!! disable_functions
!! .
!! php .
# cp php.ini-dist /usr/local/php/lib/php.ini
# vi /usr/local/php/lib/php.ini
-- php.ini -:
:
disable_functions = system, shell_exec
:
:
-- php.ini -# apachectl restart
Warning: system() has been disabled for security reasons
in /home/webuser/public_html/source/chapter02/p98-shell-linux.php on line 11
===========================================================
- expose_php = On
# telnet 192.168.56.102 80
Trying 192.168.56.102...
Connected to 192.168.56.102 (192.168.56.102).
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 07 Jul 2015 12:54:46 GMT
Server: Apache/1.3.41 (Unix) PHP/4.4.8
Connection: close
Content-Type: text/html
- expose_php = Off
# telnet 192.168.56.102 80
Trying 192.168.56.102...
Connected to 192.168.56.102 (192.168.56.102).
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 07 Jul 2015 12:57:30 GMT
Server: Apache/1.3.41 (Unix)
===========================================================
LAB> form .
if(submit )
{
.
}else {
.
}
<?
if(!isset($_POST[submit]))
{
?>
<TABLE border=1>
<TR>
<TD> .</TD>
</TR>
</TABLE>
<FORM METHOD="POST" STYLE="display:inline">
<TABLE border=1>
<TR>
<TD>name</TD>
<TD><INPUT TYPE="TEXT" NAME="name"></TD>
</TR>
<TR>
<TD>userid</TD>
<TD><INPUT TYPE="TEXT" NAME="userid"></TD>
</TR>
<TR>
<TD colspan=2><INPUT TYPE="SUBMIT"></TD>
</TR>
<input type=hidden name=submit value=1>
</TABLE>
</FORM>
<?
} else
{
echo " $_POST[name]
$_POST[userid] ";
}
?>
===========================================================
===========================================================
LAB> .
-- register.html -<html>
<head>
<title> </title>
</head>
<body>
<?
$method_value="post";
$action_value="registerok.html";
$table_cellpadding=8;
$table_width=500;
?>
<form method=<?=$method_value?>
action=<?=$action_value?>
onSubmit=check_form()>
<table align=center border=1
cellpadding=<?=$table_cellpadding?>
cellspacing=0
width=<?=$table_width?>>
<tr>
<td align=center> </td>
<td> <input type=text name=username size=30> </td>
</tr>
<tr>
<td align=center> </td>
<td> <input type=text name=userid size=30> </td>
</tr>
<tr>
<td align=center> </td>
<td> <input type=password name=userpw size=30> </td>
</tr>
<tr>
<td align=center> </td>
<td>
<select name=tel1>
<option value="02">02</option>
<option value="031">031</option>
<option value="032">032</option>
<option value="010" selected>010</option>
</select> <input type=text name=tel2 size=7> <input type=text name=tel3 size=7>
</td>
</tr>
<tr>
<td align=center> </td>
<td>
<input type=radio name=regpath value=>
<input type=radio name=regpath value=>
<input type=radio name=regpath value=>
<input type=radio name=regpath value=>
</td>
</tr>
<tr>
<td align=center> </td>
<td>
<input type=checkbox name=interest1 value=>
<input type=checkbox name=interest2 value=>
<input type=checkbox name=interest3 value=>
<input type=checkbox name=interest4 value=>
</td>
</tr>
<tr>
<td> </td>
<td>
<textarea name=memo rows=10 cols=50></textarea>
</td>
</tr>
<tr>
<td align=center colspan=2> <input type=submit value=> </td>
</tr>
</table>
</form>
</body>
</html>
-- register.html --- registerok.html -<?
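// Reads the registration form POSTed by register.html and inserts one row
// into the member table.
// print_r($_POST);
$dbhost = "localhost";
$dbuser = "webuser";
$dbpass = "webuser1234";
$dbname = "webuser";

// Returns the POSTed field $name, or "" when the client did not send it
// (unchecked checkboxes and radio buttons are simply absent from $_POST).
function post_field($name)
{
    if(!isset($_POST[$name]))
    {
        return "";
    }
    $value = $_POST[$name];
    // php.ini-dist enables magic_quotes_gpc, which pre-escapes the input;
    // undo that so each value is escaped exactly once below.
    if(get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    return $value;
}

// Collect the POSTed fields. Every one of these is client-controlled.
$username  = post_field('username');
$userid    = post_field('userid');
$userpw    = post_field('userpw');
$tel       = post_field('tel1') . "-" . post_field('tel2') . "-" . post_field('tel3');
$regpath   = post_field('regpath');
$interest1 = post_field('interest1');
$interest2 = post_field('interest2');
$interest3 = post_field('interest3');
$interest4 = post_field('interest4');
$memo      = post_field('memo');
/*
 * Steps:
 *  1. connect to the DBMS
 *  2. select the database
 *  3. run the INSERT
 */
// 1. Connect to the DBMS: mysql_connect(host, user, password).
$dbconnect = @mysql_connect($dbhost, $dbuser, $dbpass) or die("DBMS ");
// 2. Select the database.
mysql_select_db($dbname, $dbconnect);
// 3. Build and run the INSERT. Each value is escaped for this connection
// before it is placed between the quotes; the raw $_POST values would let a
// quote in the input break out of the literal (SQL injection).
$username  = mysql_real_escape_string($username, $dbconnect);
$userid    = mysql_real_escape_string($userid, $dbconnect);
$userpw    = mysql_real_escape_string($userpw, $dbconnect);
$tel       = mysql_real_escape_string($tel, $dbconnect);
$regpath   = mysql_real_escape_string($regpath, $dbconnect);
$interest1 = mysql_real_escape_string($interest1, $dbconnect);
$interest2 = mysql_real_escape_string($interest2, $dbconnect);
$interest3 = mysql_real_escape_string($interest3, $dbconnect);
$interest4 = mysql_real_escape_string($interest4, $dbconnect);
$memo      = mysql_real_escape_string($memo, $dbconnect);
$ipaddr    = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $dbconnect);
// NOTE: $userpw is stored exactly as typed (plaintext); member.userpw is a
// varchar(20), too short for a hash, so the schema has to change before this
// value can be hashed.
$query = "INSERT INTO member VALUES(
'',
'$username',
'$userid',
'$userpw',
'$tel',
'$regpath',
'$interest1',
'$interest2',
'$interest3',
'$interest4',
'$memo',
now(),
'$ipaddr'
)
";
// echo $query;
// mysql_query() returns false on failure; stop instead of telling the user
// the registration succeeded.
if(!mysql_query($query, $dbconnect))
{
    die("insert failed");
}
?>
<script language=javascript>
<!--
alert(" ");
location.href = "register.html";
//-->
</script>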
-- registerok.html --- DB DML -insert into values( , ... );
insert into (, ...) values( '', ... );
select * from ;
truncate ;
delete from ;
delete from WHERE no = 1;
-- DB DML --- DB -# /etc/init.d/mysqld stop
# rm -rf /usr/local/mysql/data
# mysql_install_db
# chown mysql.mysql /usr/local/mysql/data -R
# /etc/init.d/mysqld start
# mysqladmin -u root -p password 1234
password:
# mysql -h localhost -u root -p1234
mysql> quit
# vi ~/.my.cnf
<--
-- ~/.my.cnf --
<-<-<-<-<-<-<-<--
mysql
DB
DB
DB
mysql
# Defaults read by the mysql command-line client, so "# mysql" connects
# as root without prompting.
# NOTE: the root password below is stored in plaintext; keep this file
# readable by its owner only (mode 600).
[client]
host = localhost
user = root
password = 1234
-- ~/.my.cnf -# mysql
mysql> select user();
mysql> select host,user,password from mysql.user; <-- user table
mysql> delete from mysql.user where password = ''; <--
mysql> create database webuser; <-- webuser DB
mysql> show databases;
<-- DB
mysql> use webuser;
<-- webuser DB
mysql> \e
<--
-- member: one row per registration submitted through register.html /
-- registerok.html (column order matches the VALUES list in registerok.html).
create table member (
no int not null default 0 auto_increment,
username varchar(20) not null,
userid varchar(20) not null,
-- userpw receives the submitted password as-is from registerok.html, so it
-- holds the password in plaintext; varchar(20) is also too short for a
-- hash, so the schema would need to change before hashing.
userpw varchar(20) not null,
-- NOTE(review): "call" is the phone-number column ($tel in registerok.html).
-- It is a reserved word in later MySQL releases -- confirm the target
-- server accepts it unquoted.
call
varchar(20) not null,
regpath varchar(20),
interest1 varchar(10),
interest2 varchar(10),
interest3 varchar(10),
interest4 varchar(10),
memo text,
-- date: filled with now() by registerok.html.
date datetime,
-- ipaddr: REMOTE_ADDR of the submitter; 15 characters fits a dotted IPv4
-- address only.
ipaddr varchar(15),
primary key (no)
)TYPE=MyISAM;
mysql> \e
-> ;
Query OK, 0 rows affected (0.00 sec)
mysql> show tables;
+-------------------+
| Tables_in_webuser |
+-------------------+
| member
|
+-------------------+
1 row in set (0.00 sec)
mysql> desc member;
+-----------+-------------+------+-----+---------+----------------+
| Field
| Type
| Null | Key | Default | Extra
|
+-----------+-------------+------+-----+---------+----------------+
| no
| int(11)
|
| PRI | NULL
| auto_increment |
| username | varchar(20) |
|
|
|
|
| userid
| varchar(20) |
|
|
|
|
| userpw
| varchar(20) |
|
|
|
|
| call
| varchar(20) |
|
|
|
|
| regpath | varchar(20) | YES |
| NULL
|
|
| interest1 | varchar(10) | YES |
| NULL
|
|
| interest2 | varchar(10) | YES |
| NULL
|
|
| interest3 | varchar(10) | YES |
| NULL
|
|
| interest4 | varchar(10) | YES |
| NULL
|
|
| memo
| text
| YES |
| NULL
|
|
| date
| datetime
| YES |
| NULL
|
|
| ipaddr
| varchar(15) | YES |
| NULL
|
|
+-----------+-------------+------+-----+---------+----------------+
13 rows in set (0.00 sec)
-- DB --
:
GRANT ALL privileges ON database.* TO ID@127.0.0.1 IDENTIFIED BY '';
o db
db user : webuser
db pass : webuser1234
database : webuser
mysql>
->
mysql>
mysql>
mysql>
- webuser DB .
# mysql -u webuser -pwebuser1234 webuser
~~~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~
DB
- webuser .
mysql> select user();
<--
+-------------------+
| user()
|
+-------------------+
| webuser@localhost |
+-------------------+
1 row in set (0.00 sec)
mysql> select database(); <-- DB
+------------+
| database() |
+------------+
| webuser
|
+------------+
1 row in set (0.00 sec)
===========================================================
===========================================================
LAB> proxy tool GET / POST method
!!! POST !!!
http://paros.sourceforge.net -> paros
http://oracle.com -> jre(Java Runtime Environment)
- oracle .
JDK (Java Development Kit)
. JRE .
JRE (Java Runtime Environment)
.
1.
- Paros, JRE .
2. Paros
- localhost:8080
- 192.168.20.4:8080
3. proxy
- 127.0.0.1:8080
- 192.168.20.x:8080
4. POST
5. Paros trap request
6. HTTP
+------------------------+
+-------+ | +-------+ +-------+ |
|
| | |
| |
| |
| Client| | | Proxy | | Server| |
|
| | |
| |
| |
+-------+ | +-------+ +-------+ |
20.3
|
20.5
20.6
|
|
+------------------------+
|
windows 8 (20.5)
|
| 2 client
+-- proxy server : 20.5
| : http://192.168.20.6
|
| 3 client
+-- proxy server : 20.5
: http://192.168.20.7
+--------+
|
|
| Server |
|
|
+--------+
20.7
===========================================================
===========================================================
LAB> .
: LEVEL1
http://192.168.20.203/index.html
===========================================================
===========================================================
LAB> .
: LEVEL2
http://192.168.20.203/index2.html
===========================================================
===========================================================
LAB> .
: LEVEL3
http://192.168.20.203/index3.html
===========================================================
===========================================================
LAB> .
: LEVEL4
Hint : key .
http://192.168.20.203/index4.html
: ha??????????????? ^^*
===========================================================
===========================================================
LAB> .
!!! !!!
</tr>
<tr>
</table>
</form>
</body>
</html>
===========================================================
===========================================================
LAB> .
!!! !!!
-- --
1.
2.
3.
4.
5.
6.
7.
--
html
form action
DB
--
1.
-- register.html -<html>
<head>
<title> </title>
</head>
<body>
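<?
// Current time and the registration deadline: 12:50:00 on 2015-07-10,
// mktime(hour, minute, second, month, day, year).
$cur_timestamp = mktime();
$end_timestamp = mktime(12,50,0,7,10,2015);
// echo "cur_timestamp : " . $cur_timestamp . "<br>";
// echo "end_timestamp : " . $end_timestamp . "<br>";
$method_value="post";
$action_value="registerok.html";
$table_cellpadding=8;
$table_width=500;
// $e is 1 once the deadline has passed. It is initialised here so the
// "$e==1" checks in the markup below never read an unset variable.
$e = 0;
if($cur_timestamp > $end_timestamp)
{
    $e = 1;
}
// Disabling the inputs only affects the browser; the same deadline check
// has to be repeated server-side in registerok.html.
?>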
<form method=<?=$method_value?>
action=<?=$action_value?>
onSubmit=check_form()>
<table align=center border=1
cellpadding=<?=$table_cellpadding?>
cellspacing=0
width=<?=$table_width?>>
<?
if($e==1)
{
?>
<tr>
<td align=center colspan=2> </td>
</tr>
<?
}
?>
<tr>
<td align=center> </td>
<td> <input <?if($e==1)echo "disabled"?> type=text name=username size=30
> </td>
</tr>
<tr>
</body>
</html>
-- register.html -2.
- html
3. html
- disabled .
4. form action
- form action registerok.html .
-
http://192.168.56.102/source/chapter03/register.html
|
v
http://192.168.56.102/source/chapter03/registerok.html
- form action
<form method=post
action=http://192.168.56.102/source/chapter03/registerok.html
:
:
5.
- .
6. DB
- DB .
7.
- registerok.html
.
-- registerok.html -<?
// Server-side deadline check: 12:50:00 on 2015-07-10. Submissions that
// arrive later are rejected here regardless of what the form allowed.
$cur_timestamp = mktime();
$end_timestamp = mktime(12,50,0,7,10,2015);
$expired = ($cur_timestamp > $end_timestamp);
if($expired)
{
    echo " ";
    exit;
}
:
:
-- registerok.html -==========================================================
==========================================================
LAB> php .
!!! . !!!
php
1.
-
# ln -s /usr/local/php/bin/* /usr/bin
# vi fwrite.php
-- fwrite.php -#!/usr/bin/php
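<?
// Writes $string to /tmp/a.txt; meant to be run from the command line
// (see the #!/usr/bin/php line above).
$path = "/tmp/a.txt";
// NOTE(review): a fixed file name in the world-writable /tmp is the usual
// temp-file hazard, and the "#" prompts below show the script run as root.
$handle = fopen($path, "w");
if($handle === false)
{
    // fopen() returns false on failure; fwrite() on that value only warns.
    die("cannot open $path\n");
}
// $string = " PHP ";
$string = "";
fwrite($handle, $string);
fclose($handle);
?>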
-- fwrite.php -# chmod 755 fwrite.php
# rm -f /tmp/a.txt
# ./fwrite.php
# cat /tmp/a.txt
2.
- php
# php fwrite.php
==========================================================
http://php.net/manual/kr/features.file-upload.post-method.php
==========================================================
LAB>
: 4-27.php
<form method=post
action=<?=$_SERVER['PHP_SELF']?>
enctype=multipart/form-data>
<input type=file name=userfile>
<input type=submit value=>
</form>
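<?
/*
 * Upload handler. Files are stored under /tmp/uploads, which is created by
 * (and therefore owned by) the web-server user, nobody.
 */
if(isset($_FILES['userfile']['tmp_name']))
{
    $upload_dir = "/tmp/uploads/";
    // basename() drops any directory part the client sent in the file name,
    // so the destination always stays inside $upload_dir.
    $client_name = basename($_FILES['userfile']['name']);
    $upload_file = $upload_dir . $client_name;
    // Create the upload directory on first use.
    if(!is_dir($upload_dir) )
    {
        mkdir($upload_dir, 0700);
    }
    if (is_uploaded_file($_FILES['userfile']['tmp_name']))
    {
        ###########################################################
        ## Extension check. If the upload directory is reachable ##
        ## through the web server, an uploaded php/html file      ##
        ## would be run or rendered as a page. The extension is   ##
        ## the part after the last "." (explode), lower-cased     ##
        ## before comparing (a plain "==" is case-sensitive on    ##
        ## Linux), and only extensions on the allow list pass; a  ##
        ## deny list has to enumerate every variant and is easy   ##
        ## to get wrong. Apache's RemoveType for the upload       ##
        ## directory is the second layer (see the notes below).   ##
        ###########################################################
        $ext = explode(".", $client_name);
        /*
         * print_r($ext);
         * echo count($ext);
         * echo "<br>";
         * echo " : " . $ext[count($ext) - 1];
         * exit;
         */
        $last_ext = strtolower($ext[count($ext) - 1]);
        $allowed_ext = array("gif", "jpg", "jpeg", "png", "txt");
        // count($ext) < 2: a name without any "." has no extension at all.
        if(count($ext) < 2 || !in_array($last_ext, $allowed_ext))
        {
            echo "<script language=JavaScript>
alert(' ');
history.go(-1);
</script>
";
            exit;
        }
        // Move the temporary file to its final name; move_uploaded_file()
        // returns false when the copy fails (e.g. directory not writable).
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_file))
        {
            echo $_FILES['userfile']['tmp_name']." .";
        }
        else
        {
            echo $_FILES['userfile']['tmp_name']." .";
        }
    }
}
else {
    echo $_FILES['userfile']['tmp_name']." .";
}
?>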
a.txt.gif.php
==========================================================
*** . ***
html
.
.
php
javascript
==========================================================
LAB> 11
... strcut .
<?
$str = 'abcdef';
echo "'{$str}' : " . strlen($str) . "<BR>";
$str = ' ';
echo "'{$str}' : " . strlen($str) . "<BR>";
// .
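/**
 * Truncate $str to at most $limit bytes, appending $tail when it was cut.
 *
 * strlen()/substr() count bytes, not characters, so a multibyte string
 * (the Korean sample above shows strlen() > character count) may be cut
 * in the middle of a character.
 *
 * @param string $str   input string
 * @param int    $limit maximum number of bytes kept (default 10)
 * @param string $tail  marker appended after a cut (default "...")
 * @return string $str unchanged when it fits, else its first $limit bytes
 *                followed by $tail
 */
function strcut($str, $limit = 10, $tail = "...") {
    $length = strlen($str);
    if($length > $limit)
    {
        // Keep the first $limit bytes and mark the cut.
        $str = substr($str, 0, $limit) . $tail;
    }
    return $str;
}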
$teststr = "0123456789ABCDEF";
$teststr2 = "01234567";
echo strcut($teststr); // 0123456789...
echo "<br>";
echo strcut($teststr2); // 01234567
?>
==========================================================
==========================================================
-- 6-session_test.php -<?
session_start();
//$_SESSION['loginuser'] = "admin";
//$_SESSION['loginlevel'] = 1;
// A visitor counts as logged in when loginuser is present in the session.
$logged_in = isset($_SESSION['loginuser']);
if(!$logged_in)
{
    echo " !";
}
else
{
    echo $_SESSION['loginuser'] . " ";
    echo "<a href=logout.php> </a>";
}
?>
-- 6-session_test.php --- logout.php -<?
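session_start();
// Drop the data held in this request first: session_destroy() only removes
// the server-side store and leaves $_SESSION and the client cookie alone.
$_SESSION = array();
if(isset($_COOKIE[session_name()]))
{
    // Expire the session cookie so the browser stops sending the old id.
    setcookie(session_name(), '', time() - 42000, '/');
}
session_destroy();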
<meta http-equiv=refresh content='0; url=6-session_test.php'>
-- logout.php -==========================================================
session
php session ?
session_start();
chapter06
|
+-- a.php
|
+-- b.php
o
-- a.php -a.php
-- a.php --- b.php -b.php
-- b.php -o
- Cookie ...
-- a.php -<?
session_start();
// (/tmp) .
// : sess_ (0byte)
?>
-- a.php --- b.php -<?
session_start();
session_destroy();
// (/tmp) .
?>
b.php
-- b.php -# ls /tmp
*****
*****
*****
*****
session_start() html 1
.
html session_start()
.
session_start();
?>
-- a.php -ex2) 2
- 1 .
-- a.php -<?
session_start();
?>
a.php
-- a.php -o php.ini session .
# vi /usr/local/php/lib/php.ini
-- /usr/local/php/lib/php.ini -:
:
[Session]
-- /usr/local/php/lib/php.ini -o
-- a.php -<?
session_start();
$a = 1;
echo "a = " . $a . "<br>";
echo "b = " . $b . "<br>";
?>
a.php
-- a.php --- b.php -<?
session_start();
$b = 2;
echo "a = " . $a . "<br>";
echo "b = " . $b . "<br>";
?>
b.php
-- b.php --- a.php -a = 1
b =
a.php
-- b.php -a =
b = 2
b.php
o a.php b.php ( )
- : $_SESSION[''] = ;
-- -1. a.php , b.php
2. a.php
- a : O,
3. b.php
- a : O,
4. a.php
- a : O,
5.
-- --
b : X
b : O
b : O
-- a.php -<?
session_start();
$a = 1;
// Store $a in the session so b.php can read it; the value is written to the
// session file under /tmp (sess_<id>).
$_SESSION['a'] = $a;
// Read back whatever b.php stored; unset until b.php has run once.
$b = $_SESSION['b'];
echo "a = " . $a . "<br>";
echo "b = " . $b . "<br>";
?>
a.php
-- a.php --- b.php -<?
session_start();
$b = 2;
// Publish $b for a.php through the session.
$_SESSION['b'] = $b;
$a = $_SESSION['a']; // value stored by a.php
echo "a = " . $a . "<br>";
echo "b = " . $b . "<br>";
?>
b.php
-- b.php - a .
# vi /tmp/sess_efd04215ba4dc2f0e8ab78faa72223f5
-- /tmp/sess_efd04215ba4dc2f0e8ab78faa72223f5 -a|i:10;b|i:2;
-- /tmp/sess_efd04215ba4dc2f0e8ab78faa72223f5 -b.php
-- -a = 10
b = 2
b.php
-- -a.php
- a.php a 1 a 1
.
-- -a = 1
b = 2
b.php
-- -# cat /tmp/sess_efd04215ba4dc2f0e8ab78faa72223f5
a|i:1;b|i:2;
1.
.
PHPSESSID=efd04215ba4dc2f0e8ab78faa72223f5
2. .
-- a.php -<?
session_start();
$a = 1;
$_SESSION['a'] = $a;
$b = $_SESSION['b'];
// Demonstration only: every visitor who loads this page is marked as
// "admin" unconditionally, so the isset() check below is always true.
$_SESSION['userid'] = "admin";
echo "a = " . $a . "<br>";
echo "b = " . $b . "<br>";
if(isset($_SESSION['userid']))
{
echo $_SESSION['userid'] . " " . "<br>";
} else {
echo " ";
}
?>
a.php
-- a.php -a.php
# cat /tmp/sess_efd04215ba4dc2f0e8ab78faa72223f5
a|i:1;b|i:2;userid|s:5:"admin";
-> -> -> a.php
/tmp sess_232e636b528f617d86a0ed4a96c88884
.
# ls /tmp/
sess_efd04215ba4dc2f0e8ab78faa72223f5
sess_232e636b528f617d86a0ed4a96c88884
# cat sess_efd04215ba4dc2f0e8ab78faa72223f5
a|i:1;b|i:2;userid|s:5:"admin";
- admin user1 .
# vi sess_232e636b528f617d86a0ed4a96c88884
-- sess_232e636b528f617d86a0ed4a96c88884 -a|i:1;userid|s:5:"user1";
-- sess_232e636b528f617d86a0ed4a96c88884 -# cat sess_232e636b528f617d86a0ed4a96c88884
a|i:1;userid|s:5:"user1";
- a.php
-- a.php -<?
session_start();
$a = 1;
$_SESSION['a'] = $a;
$b = $_SESSION['b'];
// $_SESSION['userid'] = "admin";
admin .
admin user1 admin
.
-- a.php -:
:
// session_destroy();
?>
-- a.php -o
- admin/user1 .
- DB .
o
login.php
1. login.php
- userid userpw loginok.php .
-- - : post
URL : loginok.php
1 (userid) : userid
2 (userpw) : userpw
userid .
-- --- login.php -<?
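session_start();
// Login page: shows the form while no user is logged in, otherwise a
// greeting with a logout link. The form POSTs userid/userpw to loginok.php,
// which is what sets $_SESSION['userid'].
if(!isset($_SESSION['userid'])) // not logged in
{
?>
<form method=post action=loginok.php>
<table align=center border=1 cellpadding=5 cellspacing=0 width=250>
<tr>
<td align=center> id </td>
<td> <input type=text name=userid> </td>
</tr>
<tr>
<td align=center> pw </td>
<td> <input type=password name=userpw> </td>
</tr>
<tr>
<td align=center colspan=2>
<input type=submit value=>
</td>
</tr>
</table>
</form>
<?
} else { // logged in
?>
<table align=center border=1
cellpadding=5 cellspacing=0 width=250>
<tr>
<td align=center>
<?
// Escaped on output: the session-file exercise above shows the stored
// userid can be changed outside loginok.php.
echo htmlspecialchars($_SESSION['userid']);
?> !!!
</td>
</tr>
<tr>
<td align=center colspan=2>
<a href=logout.php></a>
</td>
</tr>
</table>
<?
}
?>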
-- login.php -2. loginok.php
- .
-- -1 :
userid : user1, userpw : user1234
2 :
userid : admin, userpw : admin1234
- userid userpw
login.php .
$_SESSION['userid'] .
- userid userpw
login.php .
-- --- loginok.php -<?
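session_start();
// Fixed lab accounts; a real application would look these up in a store
// rather than keep them in the source.
$user1_id = "user1";
$user1_pw = "user1234";
$user2_id = "admin";
$user2_pw = "admin1234";
// Missing fields are treated as empty strings instead of raising notices.
$userid = isset($_POST['userid']) ? $_POST['userid'] : "";
$userpw = isset($_POST['userpw']) ? $_POST['userpw'] : "";
// Strict comparison: "==" applies PHP's loose type juggling to strings.
if($user1_id === $userid && $user1_pw === $userpw)
{
    $login_as = "user1";
}
elseif($user2_id === $userid && $user2_pw === $userpw)
{
    $login_as = "admin";
}
else // neither user1 nor admin matched
{
    echo "<script language=JavaScript>
alert('id pw !');
history.go(-1);
</script>
";
    exit;
}
// Issue a fresh session id on login so the id the browser carried before
// authenticating is not the one that now holds the login.
session_regenerate_id();
$_SESSION['userid'] = $login_as;
?>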