当前位置：网站首页>Middleware vulnerability recurrence Apache

auto_append_file=filename     // Each of the peer directories php Add... At the end of the file  include(“filename”)
auto_prepend_file=filename    // Add  include(“filename”)

Upload 1.png

<?php phpinfo();?>

Be careful ： Then access any one under the file php that will do Because there is index.php So you don't need to upload php To analyze

0x0d Apache HTTPD Newline parsing vulnerability (CVE-2017-15715)

Environmental Science ：vulhub

Affects version ：2.4.0~2.4.29 edition

Environment startup ：

stay CVE-2017-15715 Right click the folder to open the terminal
sudo docker-compose up -d
visit ip+8000

burp Grab the bag Modify parameter value

stay evil.php Back plus c——> Choose code modify ——>0a

visit url：192.168.0.10:8080/evil.php%oa

summary ： Mind mapping

原网站

版权声明
本文为[Lazy and talented]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/187/202207060917588966.html

当前位置：网站首页>Middleware vulnerability recurrence Apache

Middleware vulnerability recurrence Apache

0x0a httpd-conf Improper configuration ( Multiple file name parsing vulnerability )

Local reproduction ：

Edit the file h：ttpd-conf(apache/conf/http-conf):

Edit the file ：phpinfo.php.jpg

visit ：127.0.0.1/phpinfo.php.jpg

0x0b .htaccess Parsing vulnerabilities

Local reproduction ：

Upload .htaccess file （ Local ）

Upload phpinfo.jpg file （ Local ）

visit : 127.0.0.1/phpinfo.jpg

0x0c .user.ini Parsing vulnerabilities

Environmental Science ctfshow web 153

principle ：php File contains .user.ini

Upload 1.png

Be careful ： Then access any one under the file php that will do Because there is index.php So you don't need to upload php To analyze

0x0d Apache HTTPD Newline parsing vulnerability (CVE-2017-15715)

Environmental Science ：vulhub

Affects version ：2.4.0~2.4.29 edition

burp Grab the bag Modify parameter value

visit url：192.168.0.10:8080/evil.php%oa

summary ： Mind mapping

边栏推荐

猜你喜欢

随机推荐