我正在尝试运行peruggia
,但找不到成功运行它的方法。我lighthttp
在 Linux 上安装了它,但是当我install.php
使用 Firefox运行它时localhost/install.php
,我只得到一个没有任何详细信息的屏幕,这里是
截屏lighthttp conf 文件(lighttpd.conf
)是:
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
我正在运行ubuntu
内核5.4.0
和 Firefox 85.0
,我想php.ini
配置正确。佩鲁贾conf.php
是
<?php
//MySQL
$mysql_host = "localhost";
$mysql_user = "test";
$mysql_pass = "test";
$mysql_db = "test";
//General
$title = "Peruggia";
$version = "1.2";
$peruggia_root = "http://127.0.0.1/";
error_reporting(0); // You may or may not want to see these, your choice
//Vulnerabilities (true or false)
//NOTE: disabling some vulnerabilities may render others useless
$guard_pers_xss = true; //Block persistent cross site scripting
$guard_refl_xss = true; //Block reflected cross site scripting
//$guard_csrf = true; //Block cross site request forgery
//$guard_sesfix = true; //Block session fixation //Blocker not yet implemented
$guard_sqli = false; //Block SQL injection
$guard_auth_sqli = true; //Block authentication bypass SQL injection
$guard_lfi = true; //Block local file inclusions
$guard_rfi = true; //Block remote file inclusions
$guard_fuv = true; //Block file upload vulnerabilities
$fu_types = array( //Allowed file upload types (mime types)
"image/gif",
"image/jpeg",
"image/pjpeg",
);
?>
ls/var/www/html
列出 peruggia 文件的内容:
about.html background.png conf.php images includes index.php install.php logo.png style.css
那么我怎样才能运行佩鲁贾?