Vulnerability recurrence ----- 35. Uwsgi PHP directory traversal vulnerability (cve-2018-7490)

One 、uWSGI brief introduction

uWSGI： It's a Web The server , It has achieved WSGI agreement 、uwsgi、http Such agreement .Nginx in HttpUwsgiModule Its function is to communicate with uWSGI The server exchanges .WSGI It's a kind of Web Server gateway interface . It's a Web The server （ Such as nginx,uWSGI Wait for the server ） And web application （ If used Flask The program written by the framework ） A specification of communication .
uwsgi The agreement is a uWSGI The server has its own protocol , It is used to define the type of information transmitted （type of information）, every last uwsgi packet front 4byte Description of the type of information transmitted , It is associated with WSGI There are two things in comparison .

WSGI / uwsgi / uWSGI The difference between the three concepts ：
1、WSGI Is a communication protocol .
2、uwsgi It's a line protocol, not a communication protocol , This is often used in uWSGI Data communication between server and other network servers .
3、 and uWSGI Is to implement the uwsgi and WSGI Two kinds of agreement Web The server .

Two 、 Causes of loopholes 、 Reappear

uWSGI<2.0.17 At the time of the PHP plug-in unit DOCUMENT_ROOT Detection not handled correctly , Lead to DOCUMENT_ROOT By using ..%2f Instead of ../ Bypassable defense strategy .