Apache 开启SSI配置使shtml支持 include()和SSI Shell漏洞问题

Apache 开启SSI配置使shtml支持 include()和SSI Shell漏洞问题
SSI (Server Side Includes)

1、编辑Apache的配置文件httpd.conf添加.shtml支持
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml #取消该行前的注释符#
#AddOutputFilter INCLUDES .shtml #取消该行前的注释符#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

2、编辑www.zhangfangzhou.cn.conf网站配置文件中添加Includes
Options FollowSymLinks Includes

3、重启Apache
service httpd restart
这样Apache2 开启SSI配置使shtml支持 include(),但是留下了一个SSI Shell漏洞问题,此时可以程序执行(exec)

4、只允许SSI但是禁止程序执行(exec)
编辑www.zhangfangzhou.cn.conf网站配置文件
Options FollowSymLinks Includes修改成Options FollowSymLinks IncludesNoExec
或者在.htaccess文件中添加Options +IncludesNOEXEC

5、补充
Includes #启用SSI
IncludesNoExec #启用SSI,但使EXEC指令无效

(1)、Includes
Options FollowSymLinks Includes以下规范有效
<!--#exec cmd="..."-->
<!--#exec cgi="..."-->
<!--#include file="..."-->

(2)、IncludesNoExec
Options FollowSymLinks IncludesNoExec
<!--#include file="..."-->
规范有效

<!--#exec cmd="..."-->
<!--#exec cgi="..."-->
exec等程序执行将受到限制不能执行

VMware Workstation Pro 15 共享虚拟机的时候 Workstation Server 不可用. 请启用虚拟机共享和远程访问以修改共享的虚拟机位置

VMware Workstation Pro 15 共享虚拟机的时候 Workstation Server 不可用. 请启用虚拟机共享和远程访问以修改共享的虚拟机位置
VMware Workstation Pro Shared VMs The Workstation Server is not available. Enable VM sharing and remote access to modify the shared VMs location.

1、查看VMware Workstation Pro 服务是否正常(右击我的电脑->>管理->>服务和应用程序->>服务)
VMware Authorization Service
VMware USB Arbitration Service
VMware Workstation Server

2、VMware Workstation Pro 服务均为正常,查看VMware Workstation Pro 产生的日志文件
C:\Users\用户名\AppData\Local\Temp\vmware-用户名\vmware-ui-随机ID.log
C:\Users\zhangfangzhou_cn\AppData\Local\Temp\vmware-zhangfangzhou_cn\vmware-ui-4624.log

2018-11-02T09:33:27.268+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: Workstation Server 不可用。请启用虚拟机共享和远程访问以修改共享的虚拟机位置。
2018-11-02T09:33:42.368+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: VMware Workstation 当前未连接 Workstation Server。要连接,请单击库中的“共享虚拟机”项目。
2018-11-02T09:43:02.342+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: The Workstation Server is not available. Enable VM sharing and remote access to modify the shared VMs location.
2018-11-02T09:43:00.262+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: VMware Workstation currently does not have a connection to the Workstation Server. To connect, click on the "Shared VMs" item in the library.

3、继续查看VMware Workstation Pro 的日志
C:\ProgramData\VMware\hostd\hostd-随机ID.log
C:\ProgramData\VMware\hostd\hostd-23.log
2018-11-02T09:33:39.348+08:00 verbose hostd[09420] [Originator@6876 sub=PropertyProvider opID=865c0541] RecordOp ASSIGN: latestEvent, ha-eventmgr. Applied change to temp map.
2018-11-02T09:33:39.348+08:00 info hostd[09420] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=865c0541] Event 2 : Cannot login user @127.0.0.1: no permission

Event 2 : Cannot login user @127.0.0.1: no permission
原因是没有权限

4、系统使用的账户是zhangfangzhou_cn,使用administrator账户登录系统可以正常使用共享虚拟机的功能。