Configure nginx to support php, jsp, asp, and aspx
When it comes to Nginx, you should be familiar with it. although it was a little late, its excellent performance caused many system engineers to fold and be widely used. There are many articles on the Internet that show you how to enable nginx to support jsp, asp, and so on. I would like to say this is not correct, because nginx itself is only a static server and
When it comes to Nginx, you should be familiar with it. although it was a little late, its excellent performance caused many system engineers to fold and be widely used. There are many articles on the Internet that show you how to enable nginx to support jsp, asp, and so on. I would like to say that this is not correct, because nginx itself is only a powerful tool for static server and reverse proxy, and does not support dynamic pages. The so-called support for asp, jsp, php and so on are just using nginx for reverse proxy.
We have already introduced nginx’s support for php through fastcgi. here we will only introduce how to use nginx Reverse proxy tomcat and other jsp containers to serve jsp pages:
Suppose you have configured tomcat and run it on port 8080 of the local machine. open your VM configuration file and add the following lines:
Location /Proxy_pass http: // 127.0.0.1: 8080;
Proxy_redirect off;
Proxy_set_header Host $ host;
Proxy_set_header X-Real-IP $ remote_addr;
Proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for;
Client_max_body_size 10 m;
Client_body_buffer_size 128 k;
Proxy_connect_timeout 30;
Proxy_send_timeout 30;
Proxy_read_timeout 30;
Proxy_buffer_size 4 k;
Proxy_buffers 4 32 k;
Proxy_busy_buffers_size 64 k;
Proxy_temp_file_write_size 64 k;
>
OK. jsp can run! Want to radial proxy IIS? Apache? — Do it!
PS: now the official version of Nginx for Windows has been released. Therefore, the support for Asp or. net is just a matter of course. you can do it directly on one machine without relying entirely on mono.
This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or
Обзор
, ( Webshell) web , asp、php、jsp、aspx , ?
(1) Мэтьюз успешны и не были убиты; (2) знать путь троянской лошади; (3) Выгрузка трояна может работать нормально. Одно предложение PHP: Предложение ASP: Предложение ASPX:
Фундаментальный
。 php , , , cmd, post , , , 。
(1)php , php , 。
(2) @ , , 。
Зачем? , , :Notice, xxx 。 ? @ 。
。php : $_GET 、 $_POST 。 $_POST[‘a’] ; a , post 。
Например: eval(«echo ‘a'») ; echo ‘a’ Увидеть снова , post pw, : pw=echo ‘a’ ; Сущность Результаты приведены ниже:
: post pw, pw php 。 : , , pw , post 。 , php : opendir() и readdir() 。 , , php : move_uploaded_file , html 。 cmd , exec() 。
:php php.ini , safe_mode = off , disable_functions = proc_open, popen, exec, system, shell_exec , exec , exec( cms , )。
cmd=header("Content-type:text/html;charset=gbk"); exec("ipconfig",$out); echo ''; print_r($out); echo '';
。SO, , !
DVWA :http://127.0.0.1:8088/DVWA/index.php , 。
Low , :
Your image was not uploaded.'; > else < // Yes! echo "
succesfully uploaded!"; > > ?>
(1) , :
(2) , , 。 , :(3) :
Your image was not uploaded.'; > else < // Yes! echo "
succesfully uploaded!"; > > else < // Invalid file echo '
Your image was not uploaded. We can only accept JPEG or PNG images.'; > > ?>
,High ”.” , , “*.jpg” 、 “.jpeg” 、 “*.png” один. Одновременно, getimagesize() 。
【 】 CMD copy “ ” , , ClearSky.jpg/b “b” “двоичный файл”, hack.php/a “a» ASCII 。
hack.jpg :
, :
hack.jpg , ! Пересечение Пересечение
, !!!!!!!!!!!
,PHP , :
, ?High …… , DVWA PHP , 。, :
DVWA, :
, :1、 。
, , 。 。 , PHP 。 , 。, ,Тот Сущность , , , , 。 , , , , 。
Давайте посмотрим на пример использования Малайзии: загрузите PHP Malaysia в DVWA на виртуальную машину (исходный код прикреплен к концу):
Посетите Trojan File 123.php , После отправки пароля 123456, введите список функций Малайзии. На рисунке ниже показана функция управления файлами:Наконец, прикрепил код PHP Malaysia (код слишком длинный, ссылка на облачный диск Baidu): https://pan.baidu.com/s/1XGUp5Q_Q2zn46kcQxE5M3A
Извлечение кода: 56pd. Также предоставьте справочный адрес JSP Malaysia: https://blog.csdn.net/weixin_34248023/article/details/93094456 。WebShell
WebShell — это командная среда, которая существует в виде веб -файлов, таких как ASP, PHP, JSP или CGI. Это также можно назвать веб -задней дверьюСущность После того, как хакеры вторглись на веб -сайт, файлы задней двери ASP или PHP обычно смешиваются с обычным веб -файлом в веб -каталоге веб -сайта, а затем вы можете использовать браузер для доступа к задней двери ASP или PHP.Получите среду выполнения команды для достижения цели управления сервером веб -сайта。
Webshell можно разделить на Trojan сценария PHP на основе сценариев, ASP Script Trojan, а также сценария на основе .NET и сценарии JSP. В зарубежных странах есть динамичные веб -страницы, написанные на языке сценариев Python, конечно, есть также веб -склад, связанные с ним.Webshell также разделен на Малайзию, Пони и Троян в соответствии с функцией.,Например: Это предложение обычно записывается в документ, а затем имя файла изменяется на xx.asp. Затем перешел на сервер. Метод оценки request(“pass”) Преобразованный в выполнение кода, роль функции запроса заключается в применении внешних файлов.Это эквивалентно конфигурации клиента троянской лошадиСущность Конкретная классификация заключается в следующем:
The difference between PHP, JSP, ASP, and ASPX
PHP It is an embedded scripting language cross-platform server-side. It borrows the syntax of C, Java and Perl, and couples PHP’s own characteristics, so that web developers can quickly write up dynamic generating pages. It supports the vast majority of databases. Another point, PHP is completely free, don’t spend money, you can freely download from PHP official sites. And you can get the source code unrestricted, and you can even add the features you need. The file after the PHP scripting language is named .php
JSP It is a new generation of a new generation of websites launched by Sun. Sun has a new fruit from the Java app and Javaapplet with the extraordinary attainments yourself on Java. JSP can complete powerful site programs with the support of Serverlet and JavaBean. JSP script language files after the complex name are .jsp
ASP Full name ActiveServerPages, is a server-side scripting environment developed by Microsoft. It is a web server-side development environment that uses it produces and performs dynamic, interactive, high-performance web service applications. ASP uses scripting language Vbscript (JavaScript) as its own development language. ASP file after the column .asp
ASP.NET Also known as ASP +, not just a simple upgrade of ASP, but a new generation scripting language launched by Microsoft. He is not a simple upgrade of the ASP because his programming method and ASP have a big difference, he is a program code that is compiled by the server on the server. ASP uses a scripting language, each request, the server calls the script parsing engine to parse the execution of the program code, and the ASP.NET can be written in multiple languages, and is full-compiled, faster than ASP, but also, not only Only fast problems, there are many advantages. ASP.NET is based on the.NET Framework’s Web development platform, not only absorbs the maximum advantages of ASP previous versions and with reference to the Java, the development advantage of VB language has added many new features, but also fixes the previous ASP version of the running error. He also supports many languages, such as Java, C #, VB.NET, which is very functional. ASP.NET files after the complex name are .aspx
Severals provide a mixed program code in the HTML code, explaining the ability to execute program code by the language engine. However, the JSP code is compiled into a servlet and interpreted by the Java virtual machine, which occurs only when the JSP page is requested. In ASP/ASP.NET, PHP, JSP environments, HTML code is primarily responsible for describing information display style, and the program code is used to describe processing logic. The ordinary HTML page only rely on the web server, and the ASP/ASP.NET, PHP, and JSP pages require additional language engine analysis and execution program code. The execution result of the program code is rejected into the HTML code and then sent together to the browser. ASP/ASP.NET, PHP, and JSP are technically for web servers, and client browsers do not need any additional software support.
Configure nginx to support php, jsp, asp, and aspx
When it comes to Nginx, you should be familiar with it. Although it was a little late, its excellent performance caused many System Engineers to fold and be widely used. There are many articles on the Internet that show you how to enable nginx to support jsp, asp, and so on. I would like to say that this is not correct, because nginx itself is only a powerful tool for static server and reverse proxy, and does not support dynamic pages. The so-called support for asp, jsp, php and so on are just using nginx for reverse proxy.
We have already introduced nginx’s support for php through fastcgi. Here we will only introduce how to use nginx reverse proxy tomcat and other jsp containers to serve jsp pages:
Suppose you have configured tomcat and run it on port 8080 of the Local Machine. Open your VM configuration file and add the following lines:
Location /Proxy_pass http: // 127.0.0.1: 8080;
Proxy_redirect off;
Proxy_set_header Host $ host;
Proxy_set_header X-Real-IP $ remote_addr;
Proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for;
Client_max_body_size 10 m;
Client_body_buffer_size 128 k;
Proxy_connect_timeout 30;
Proxy_send_timeout 30;
Proxy_read_timeout 30;
Proxy_buffer_size 4 k;
Proxy_buffers 4 32 k;
Proxy_busy_buffers_size 64 k;
Proxy_temp_file_write_size 64 k;
>OK. jsp can run! Want to radial proxy IIS? Apache? — Do it!
PS: Now the official version of Nginx for Windows has been released. Therefore, the support for Asp or. net is just a matter of course. You can do it directly on one machine without relying entirely on mono.
This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.
“ ” :
(4) “ ”, :
, ! Пересечение ! Пересечение ( ) ……
, copy Hack.php ClearSky.jpg :
:
: http://10.27.25.118:8088/DVWA/vulnerabilities/fi/?page=file:///C:\SoftWare\PhpStudy2016\WWW\DVWA\hackable\uploads\hacker.jpg ,Как показано ниже:
DVWA PHP muma.php ,Как показано ниже:
2、 base64 , » » , :
3、 , , , 。 Очень сильный.
Продолжайте доступ к функции выполнения команды (другие функции не отображаются):
