Goby扫到弱口令
登陆看看
表名都wp开头 判断是wordpress
在这找到网站地址
访问网站
后台地址默认wp-admin
在数据库里添加一个账号
百度搜索wordpress明文加密123456
这串加密字符明文是123456
在wp_usermeta这个表里 不然直接使用创建的账户登陆是登不上仪表盘的
添加权限
在这些表下将user_id =2 meta_key一样 沿着顺序下来 将27条数字一一复制
登陆后台
在主题模板插入一句话
访问地址为http://www.xxx.com/wp-content/themes/(红箭头指的主题名字)/404.php
Getshell
菜刀连接一下
菜刀连不上,应该是php7将菜刀的连接函数禁掉了
这站就没那么简单了。
不懂就百度!
百度搜索fopen()函数的使用方法
fopen
(PHP 4, PHP 5, PHP 7, PHP 8)
fopen — 打开文件或者 URL
说明
fopen(
string $filename,
string $mode,
bool $use_include_path = false,
resource $context = ?
): resource
fopen() 将 filename 指定的名字资源绑定到一个流上。
参数
filename
如果 filename 是 "scheme://..." 的格式,则被当成一个 URL,PHP 将搜索协议处理器(也被称为封装协议)来处理此模式。如果该协议尚未注册封装协议,PHP 将发出一条消息来帮助检查脚本中潜在的问题并将 filename 当成一个普通的文件名继续执行下去。
如果 PHP 认为 filename 指定的是一个本地文件,将尝试在该文件上打开一个流。该文件必须是 PHP 可以访问的,因此需要确认文件访问权限允许该访问。如果激活了 open_basedir 则会应用进一步的限制。
如果 PHP 认为 filename 指定的是一个已注册的协议,而该协议被注册为一个网络 URL,PHP 将检查并确认 allow_url_fopen 已被激活。如果关闭了,PHP 将发出一个警告,而 fopen 的调用则失败。
注意:
所支持的协议列表见支持的协议和封装协议。某些协议(也被称为 wrappers)支持 context 和/或 php.ini 选项。参见相应的页面哪些选项可以被设定(例如 php.ini 中用于 http wrapper 的 user_agent 值)。
On the Windows platform, be careful to escape any backslashes used in the path to the file, or use forward slashes.
<?php
$handle = fopen("c:\\folder\\resource.txt", "r");
?>
mode
mode 参数指定了所要求到该流的访问类型。可以是以下:
fopen() 中 mode 的可能值列表
mode 说明
'r' 只读方式打开,将文件指针指向文件头。
'r+' 读写方式打开,将文件指针指向文件头。
'w' 写入方式打开,将文件指针指向文件头并将文件大小截为零。如果文件不存在则尝试创建之。
'w+' 读写方式打开,将文件指针指向文件头并将文件大小截为零。如果文件不存在则尝试创建之。
'a' 写入方式打开,将文件指针指向文件末尾。如果文件不存在则尝试创建之。
'a+' 读写方式打开,将文件指针指向文件末尾。如果文件不存在则尝试创建之。
'x' 创建并以写入方式打开,将文件指针指向文件头。如果文件已存在,则 fopen() 调用失败并返回 false,并生成一条 E_WARNING 级别的错误信息。如果文件不存在则尝试创建之。这和给 底层的 open(2) 系统调用指定 O_EXCL|O_CREAT 标记是等价的。
'x+' 创建并以读写方式打开,其他的行为和 'x' 一样。
'c' Open the file for writing only. If the file does not exist, it is created. If it exists, it is neither truncated (as opposed to 'w'), nor the call to this function fails (as is the case with 'x'). The file pointer is positioned on the beginning of the file. This may be useful if it's desired to get an advisory lock (see flock()) before attempting to modify the file, as using 'w' could truncate the file before the lock was obtained (if truncation is desired, ftruncate() can be used after the lock is requested).
'c+' Open the file for reading and writing; otherwise it has the same behavior as 'c'.
注意:
不同的操作系统家族具有不同的行结束习惯。当写入一个文本文件并想插入一个新行时,需要使用符合操作系统的行结束符号。基于 Unix 的系统使用 \n 作为行结束字符,基于 Windows 的系统使用 \r\n 作为行结束字符,基于 Macintosh 的系统使用 \r 作为行结束字符。
如果写入文件时使用了错误的行结束符号,则其它应用程序打开这些文件时可能会表现得很怪异。
Windows 下提供了一个文本转换标记('t')可以透明地将 \n 转换为 \r\n。与此对应还可以使用 'b' 来强制使用二进制模式,这样就不会转换数据。要使用这些标记,要么用 'b' 或者用 't' 作为 mode 参数的最后一个字符。
默认的转换模式依赖于 SAPI 和所使用的 PHP 版本,因此为了便于移植鼓励总是指定恰当的标记。如果是操作纯文本文件并在脚本中使用了 \n 作为行结束符,但还要期望这些文件可以被其它应用程序例如 Notepad 读取,则在 mode 中使用 't'。在所有其它情况下使用 'b'。
在操作二进制文件时如果没有指定 'b' 标记,可能会碰到一些奇怪的问题,包括坏掉的文件以及关于 \r\n 字符的奇怪问题。
注意:
为移植性考虑,强烈建议在用 fopen() 打开文件时总是使用 'b' 标记。
注意:
再一次,为移植性考虑,强烈建议你重写那些依赖于 't' 模式的代码使其使用正确的行结束符并改成 'b' 模式。
use_include_path
如果也需要在 include_path 中搜寻文件的话,可以将可选的第三个参数 use_include_path 设为 '1' 或 true。
context
注意: 在 PHP 5.0.0 中增加了对上下文(Context)的支持。有关上下文(Context)的说明参见 Streams。
返回值
成功时返回文件指针资源,如果打开失败,本函数返回 false。
错误/异常
如果打开失败,会产生一个 E_WARNING 错误。可以通过 @ 来屏蔽错误。
更新日志
版本 说明
4.3.2 自 PHP 4.3.2 起,对所有区别二进制和文本模式的平台默认模式都被设为二进制模式。如果在升级后脚本碰到问题,尝试暂时使用 't' 标记,直到所有的脚本都照以下所说的改为更具移植性以后。
4.3.2 增加了选项 'x' 和 'x+'
5.2.6 增加了选项 'c' 和 'c+'
范例
示例 #1 fopen() 例子
<?php
$handle = fopen("/home/rasmus/file.txt", "r");
$handle = fopen("/home/rasmus/file.gif", "wb");
$handle = fopen("http://www.example.com/", "r");
$handle = fopen("ftp://user:password@example.com/somefile.txt", "w");
?>
注释
警告
使用 SSL 时,Microsoft IIS 会违反协议不发送close_notify标记就关闭连接。PHP 会在到达数据尾端时报告“SSL: Fatal Protocol Error”。 要解决此问题,error_reporting 应设定为降低级别至不包含警告。 PHP 4.3.7 及更高版本可以在使用 https:// 包装器打开流时检测出有问题的 IIS 服务器软件 并抑制警告。在使用 fsockopen() 创建 ssl:// 套接字时, 开发者需检测并抑制此警告。
注意:
如果在用服务器模块版本的 PHP 时在打开和写入文件上遇到问题,记住要确保所使用的文件和目录是服务器进程所能够访问的。
注意:
This function may also succeed when filename is a directory. If you are unsure whether filename is a file or a directory, you may need to use the is_dir() function before calling fopen().
参见
支持的协议和封装协议
fclose() - 关闭一个已打开的文件指针
fgets() - 从文件指针中读取一行
fread() - 读取文件(可安全用于二进制文件)
fwrite() - 写入文件(可安全用于二进制文件)
fsockopen() - 打开一个网络连接或者一个Unix套接字连接
file() - 把整个文件读入一个数组中
file_exists() - 检查文件或目录是否存在
is_readable() - 判断给定文件名是否可读
stream_set_timeout() - Set timeout period on a stream
popen() - 打开进程文件指针
stream_context_create() - 创建资源流上下文
umask() - 改变当前的 umask
SplFileObject
add a note add a note
User Contributed Notes 20 notes
up
down
119chapman at worldtakeoverindustries dot com ¶9 years ago
Note - using fopen in 'w' mode will NOT update the modification time (filemtime) of a file like you may expect. You may want to issue a touch() after writing and closing the file which update its modification time. This may become critical in a caching situation, if you intend to keep your hair.
up
down
5php-manual at merlindynamics dot com ¶1 year ago
There is an undocumented mode for making fopen non-blocking (not working on windows). By adding 'n' to the mode parameter, fopen will not block, however if the pipe does not exist an error will be raised.
$fp = fopen("/tmp/debug", "a"); //blocks if pipe does not exist
$fp = fopen("/tmp/debug", "an"); //raises error on pipe not exist
up
down
22php at delhelsa dot com ¶13 years ago
With php 5.2.5 on Apache 2.2.4, accessing files on an ftp server with fopen() or readfile() requires an extra forwardslash if an absolute path is needed.
i.e., if a file called bullbes.txt is stored under /var/school/ on ftp server example.com and you're trying to access it with user blossom and password buttercup, the url would be:
ftp://blossom:buttercup@example.com//var/school/bubbles.txt
Note the two forwardslashes. It looks like the second one is needed so the server won't interpret the path as relative to blossom's home on townsville.
up
down
7petepostma-deletethis at gmail dot com ¶4 years ago
The verbal descriptions take a while to read through to get a feel for the expected results for fopen modes. This csv table can help break it down for quicker understanding to find which mode you are looking for:
Mode,Creates,Reads,Writes,Pointer Starts,Truncates File,Notes,Purpose
r,,y,,beginning,,fails if file doesn't exist,basic read existing file
r+,,y,y,beginning,,fails if file doesn't exist,basic r/w existing file
w,y,,y,beginning+end,y,,"create, erase, write file"
w+,y,y,y,beginning+end,y,,"create, erase, write file with read option"
a,y,,y,end,,,"write from end of file, create if needed"
a+,y,y,y,end,,,"write from end of file, create if needed, with read options"
x,y,,y,beginning,,fails if file exists,"like w, but prevents over-writing an existing file"
x+,y,y,y,beginning,,fails if file exists,"like w+, but prevents over writing an existing file"
c,y,,y,beginning,,,open/create a file for writing without deleting current content
c+,y,y,y,beginning,,,"open/create a file that is read, and then written back down"
up
down
6Anon. ¶11 months ago
/***** GENTLE REMINDER *****/
Really important. Do NOT use the "w" flag unless you want to delete everything in the file.
up
down
10ideacode ¶16 years ago
Note that whether you may open directories is operating system dependent. The following lines:
<?php
// Windows ($fh === false)
$fh = fopen('c:\\Temp', 'r');
// UNIX (is_resource($fh) === true)
$fh = fopen('/tmp', 'r');
?>
demonstrate that on Windows (2000, probably XP) you may not open a directory (the error is "Permission Denied"), regardless of the security permissions on that directory.
On UNIX, you may happily read the directory format for the native filesystem.
up
down
9info at b1g dot de ¶16 years ago
Simple class to fetch a HTTP URL. Supports "Location:"-redirections. Useful for servers with allow_url_fopen=false. Works with SSL-secured hosts.
<?php
#usage:
$r = new HTTPRequest('http://www.example.com');
echo $r->DownloadToString();
class HTTPRequest
{
var $_fp; // HTTP socket
var $_url; // full URL
var $_host; // HTTP host
var $_protocol; // protocol (HTTP/HTTPS)
var $_uri; // request URI
var $_port; // port
// scan url
function _scan_url()
{
$req = $this->_url;
$pos = strpos($req, '://');
$this->_protocol = strtolower(substr($req, 0, $pos));
$req = substr($req, $pos+3);
$pos = strpos($req, '/');
if($pos === false)
$pos = strlen($req);
$host = substr($req, 0, $pos);
if(strpos($host, ':') !== false)
{
list($this->_host, $this->_port) = explode(':', $host);
}
else
{
$this->_host = $host;
$this->_port = ($this->_protocol == 'https') ? 443 : 80;
}
$this->_uri = substr($req, $pos);
if($this->_uri == '')
$this->_uri = '/';
}
// constructor
function HTTPRequest($url)
{
$this->_url = $url;
$this->_scan_url();
}
// download URL to string
function DownloadToString()
{
$crlf = "\r\n";
// generate request
$req = 'GET ' . $this->_uri . ' HTTP/1.0' . $crlf
. 'Host: ' . $this->_host . $crlf
. $crlf;
// fetch
$this->_fp = fsockopen(($this->_protocol == 'https' ? 'ssl://' : '') . $this->_host, $this->_port);
fwrite($this->_fp, $req);
while(is_resource($this->_fp) && $this->_fp && !feof($this->_fp))
$response .= fread($this->_fp, 1024);
fclose($this->_fp);
// split header and body
$pos = strpos($response, $crlf . $crlf);
if($pos === false)
return($response);
$header = substr($response, 0, $pos);
$body = substr($response, $pos + 2 * strlen($crlf));
// parse headers
$headers = array();
$lines = explode($crlf, $header);
foreach($lines as $line)
if(($pos = strpos($line, ':')) !== false)
$headers[strtolower(trim(substr($line, 0, $pos)))] = trim(substr($line, $pos+1));
// redirection?
if(isset($headers['location']))
{
$http = new HTTPRequest($headers['location']);
return($http->DownloadToString($http));
}
else
{
return($body);
}
}
}
?>
up
down
4durwood at speakeasy dot NOSPAM dot net ¶16 years ago
I couldn't for the life of me get a certain php script working when i moved my server to a new Fedora 4 installation. The problem was that fopen() was failing when trying to access a file as a URL through apache -- even though it worked fine when run from the shell and even though the file was readily readable from any browser. After trying to place blame on Apache, RedHat, and even my cat and dog, I finally ran across this bug report on Redhat's website:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164700
Basically the problem was SELinux (which I knew nothing about) -- you have to run the following command in order for SELinux to allow php to open a web file:
/usr/sbin/setsebool httpd_can_network_connect=1
To make the change permanent, run it with the -P option:
/usr/sbin/setsebool -P httpd_can_network_connect=1
Hope this helps others out -- it sure took me a long time to track down the problem.
up
down
3php at richardneill dot org ¶10 years ago
fopen() will block if the file to be opened is a fifo. This is true whether it's opened in "r" or "w" mode. (See man 7 fifo: this is the correct, default behaviour; although Linux supports non-blocking fopen() of a fifo, PHP doesn't).
The consequence of this is that you can't discover whether an initial fifo read/write would block because to do that you need stream_select(), which in turn requires that fopen() has happened!
up
down
2etters dot ayoub at gmail dot com ¶3 years ago
This functions check recursive permissions and recursive existence parent folders, before creating a folder. To avoid the generation of errors/warnings.
/**
* This functions check recursive permissions and recursive existence parent folders,
* before creating a folder. To avoid the generation of errors/warnings.
*
* @return bool
* true folder has been created or exist and writable.
* False folder not exist and cannot be created.
*/
function createWritableFolder($folder)
{
if (file_exists($folder)) {
// Folder exist.
return is_writable($folder);
}
// Folder not exit, check parent folder.
$folderParent = dirname($folder);
if($folderParent != '.' && $folderParent != '/' ) {
if(!createWritableFolder(dirname($folder))) {
// Failed to create folder parent.
return false;
}
// Folder parent created.
}
if ( is_writable($folderParent) ) {
// Folder parent is writable.
if ( mkdir($folder, 0777, true) ) {
// Folder created.
return true;
}
// Failed to create folder.
}
// Folder parent is not writable.
return false;
}
/**
* This functions check recursive permissions and recursive existence parent folders,
* before creating a file/folder. To avoid the generation of errors/warnings.
*
* @return bool
* true has been created or file exist and writable.
* False file not exist and cannot be created.
*/
function createWritableFile($file)
{
// Check if conf file exist.
if (file_exists($file)) {
// check if conf file is writable.
return is_writable($file);
}
// Check if conf folder exist and try to create conf file.
if(createWritableFolder(dirname($file)) && ($handle = fopen($file, 'a'))) {
fclose($handle);
return true; // File conf created.
}
// Inaccessible conf file.
return false;
}
up
down
3ceo at l-i-e dot com ¶15 years ago
If you need fopen() on a URL to timeout, you can do like:
<?php
$timeout = 3;
$old = ini_set('default_socket_timeout', $timeout);
$file = fopen('http://example.com', 'r');
ini_set('default_socket_timeout', $old);
stream_set_timeout($file, $timeout);
stream_set_blocking($file, 0);
//the rest is standard
?>
up
down
3splogamurugan at gmail dot com ¶10 years ago
While opening a file with multibyte data (Ex: données multi-octets), faced some issues with the encoding. Got to know that it uses windows-1250. Used iconv to convert it to UTF-8 and it resolved the issue.
<?php
function utf8_fopen_read($fileName) {
$fc = iconv('windows-1250', 'utf-8', file_get_contents($fileName));
$handle=fopen("php://memory", "rw");
fwrite($handle, $fc);
fseek($handle, 0);
return $handle;
}
?>
Example usage:
<?php
$fh = utf8_fopen_read("./tpKpiBundle.csv");
while (($data = fgetcsv($fh, 1000, ",")) !== false) {
foreach ($data as $value) {
echo $value . "<br />\n";
}
}
?>
Hope it helps.
up
down
2ken dot gregg at rwre dot com ¶17 years ago
PHP will open a directory if a path with no file name is supplied. This just bit me. I was not checking the filename part of a concatenated string.
For example:
<?php
$fd = fopen('/home/mydir/' . $somefile, 'r');
?>
Will open the directory if $somefile = ''
If you attempt to read using the file handle you will get the binary directory contents. I tried append mode and it errors out so does not seem to be dangerous.
This is with FreeBSD 4.5 and PHP 4.3.1. Behaves the same on 4.1.1 and PHP 4.1.2. I have not tested other version/os combinations.
up
down
2keithm at aoeex dot NOSPAM dot com ¶20 years ago
I was working on a consol script for win32 and noticed a few things about it. On win32 it appears that you can't re-open the input stream for reading, but rather you have to open it once, and read from there on. Also, i don't know if this is a bug or what but it appears that fgets() reads until the new line anyway. The number of characters returned is ok, but it will not halt reading and return to the script. I don't know of a work around for this right now, but i'll keep working on it.
This is some code to work around the close and re-open of stdin.
<?php
function read($length='255'){
if (!isset($GLOBALS['StdinPointer'])){
$GLOBALS['StdinPointer']=fopen("php://stdin","r");
}
$line=fgets($GLOBALS['StdinPointer'],$length);
return trim($line);
}
echo "Enter your name: ";
$name=read();
echo "Enter your age: ";
$age=read();
echo "Hi $name, Isn't it Great to be $age years old?";
@fclose($StdinPointer);
?>
up
down
2apathetic012 at gmail dot com ¶9 years ago
a variable $http_response_header is available when doing the fopen(). Which contains an array of the response header.
up
down
0k-gun at git dot io ¶2 years ago
Seems not documented here but keep in mind, when $filename contains null byte (\0) then a TypeError will be thrown with message such;
TypeError: fopen() expects parameter 1 to be a valid path, string given in ...
up
down
2dan at cleandns dot com ¶17 years ago
<?php
#going to update last users counter script since
#aborting a write because a file is locked is not correct.
$counter_file = '/tmp/counter.txt';
clearstatcache();
ignore_user_abort(true); ## prevent refresh from aborting file operations and hosing file
if (file_exists($counter_file)) {
$fh = fopen($counter_file, 'r+');
while(1) {
if (flock($fh, LOCK_EX)) {
#$buffer = chop(fgets($fh, 2));
$buffer = chop(fread($fh, filesize($counter_file)));
$buffer++;
rewind($fh);
fwrite($fh, $buffer);
fflush($fh);
ftruncate($fh, ftell($fh));
flock($fh, LOCK_UN);
break;
}
}
}
else {
$fh = fopen($counter_file, 'w+');
fwrite($fh, "1");
$buffer="1";
}
fclose($fh);
print "Count is $buffer";
?>
up
down
2flobee ¶15 years ago
download: i need a function to simulate a "wget url" and do not buffer the data in the memory to avoid thouse problems on large files:
<?php
function download($file_source, $file_target) {
$rh = fopen($file_source, 'rb');
$wh = fopen($file_target, 'wb');
if ($rh===false || $wh===false) {
// error reading or opening file
return true;
}
while (!feof($rh)) {
if (fwrite($wh, fread($rh, 1024)) === FALSE) {
// 'Download error: Cannot write to file ('.$file_target.')';
return true;
}
}
fclose($rh);
fclose($wh);
// No error
return false;
}
?>
up
down
-2kasper at webmasteren dot eu ¶9 years ago
"Do not use the following reserved device names for the name of a file:
CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1,
LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9. Also avoid these names
followed immediately by an extension; for example, NUL.txt is not recommended.
For more information, see Namespaces"
it is a windows limitation.
see:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx
up
down
-6sean downey ¶13 years ago
when using ssl / https on windows i would get the error:
"Warning: fopen(https://example.com): failed to open stream: Invalid argument in someSpecialFile.php on line 4344534"
This was because I did not have the extension "php_openssl.dll" enabled.
So if you have the same problem, goto your php.ini file and enable it :)
这里使用filename fopen()
直接抄!
先插入这句话 让这个句话去搜索aa.php模板 没有的话就创建一个aa.php模板。
插入后在访问一次404页面
访问404模板的页面
返回模板编辑的地方
发现生成了一个aa.php的模板
在这个空模板里直接插入php大马语句。
(这个创建模板这一步是为了不影响别人业务的办法,如果随意更改别人的模板写入大马,会影响到别人网站的正常运营)
下一步我就不说了。
删除操作 退出
传统功夫点到为止!!!
发表评论 取消回复