sudo -u www bash -c 'php test.php -d "$(date +%Y-%m-%d)"'
Install the dependencies:

yum install epel-release gcc openssl-devel libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel oniguruma-devel libjpeg libjpeg-devel libpng libpng-devel libxslt libxslt-devel libtool libtool-devel autoconf libcurl libcurl-devel -y

Download and install the curl library:

wget https://curl.se/download/curl-7.74.0.tar.gz
tar -xvf curl-7.74.0.tar.gz
cd curl-7.74.0
./configure
make && make install

Install PHP:

tar -xvf php-7.4.27.tar
cd php-7.4.27
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/et
The main point is how the key is processed:

$key = substr(openssl_digest(openssl_digest($key, 'sha1', true), 'sha1', true), 0, 16);
// Unlike Mcrypt, openssl_encrypt has a key-length requirement; key bytes beyond 16 do not change the encryption result
$data = openssl_encrypt($string, 'AES-128-ECB', $key, OPENSSL_RAW_DATA);
$data = base64_encode($data);
How the vulnerability shows up:

?s=\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=100

Fixes:

1. Enable forced routing

config/app.php

// Whether to force the use of routes
'url_route_must' => true,
// Whether to enable routing
'url_route_on' => true,

2. Change the default parameter name

// PATHINFO variable name, used for compatibility mode
'var_pathinfo' => 'ST',

3. Patch the source code

thinkphp/library/think/route/dispatch/Module.php

line:70

$this->controller = $convert ? strtolower($controller) : $controller;

Add below it:

if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) { throw new HttpException(404, 'co
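The controller-name check from the patch above, run against sample names (an added example, not code from the original post or from ThinkPHP). The function name controllerNameMatches(), the sample names and the stricter STRICT_PATTERN variant with the D modifier are assumptions introduced here; only PAGE_PATTERN comes from the page.

```php
<?php
declare(strict_types=1);

// Pattern exactly as quoted in the patch above.
const PAGE_PATTERN = '/^[A-Za-z](\w|\.)*$/';

// Assumption (not from the page): the same pattern with the D modifier, so
// that "$" matches only at the very end of the string. Without D, PCRE lets
// "$" also match just before a single trailing newline.
const STRICT_PATTERN = '/^[A-Za-z](\w|\.)*$/D';

// Hypothetical helper: true when the controller segment passes the pattern.
function controllerNameMatches(string $pattern, string $controller): bool
{
    return preg_match($pattern, $controller) === 1;
}

// Constructed sample controller segments.
$samples = [
    'index',
    'admin.user',      // dot-separated multi-level controller
    'user_profile',
    '\\think\\app',    // controller segment from the request shown above
    '1index',          // must start with a letter
    '',                // empty segment
    "index\n",         // trailing newline: the two patterns disagree here
];

// Names are printed JSON-escaped so backslashes and newlines stay visible.
foreach ($samples as $name) {
    printf(
        "%-18s page=%-6s strict=%s\n",
        json_encode($name),
        controllerNameMatches(PAGE_PATTERN, $name) ? 'allow' : 'reject',
        controllerNameMatches(STRICT_PATTERN, $name) ? 'allow' : 'reject'
    );
}
```

The backslash in `\think\app` is outside `\w` and `.`, so both patterns reject it; the trailing-newline sample is the only one on which they differ.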
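This Set-Cookie was blocked because it was not sent over a secure-connection and would have overwritten a cookie with Secure attribute

Once a cookie has been set over HTTPS, attempts to write a cookie from the HTTP site on the same domain will fail. The solution is to delete the cookie set by the HTTPS site.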