first commit

httpd/CVE-2017-15715/README.md

@@ -0,0 +1,35 @@
+# Apache HTTPD Newline Parsing Vulnerability (CVE-2017-15715)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+Apache HTTPD is a widely-used HTTP server that can run PHP web pages through mod_php. A parsing vulnerability exists in versions 2.4.0 through 2.4.29, where a filename ending with `1.php\x0A` will be treated as a PHP file, allowing attackers to bypass certain server security policies.
+
+References:
+
+- <https://httpd.apache.org/security/vulnerabilities_24.html>
+- <https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html>
+
+## Environment Setup
+
+Execute the following commands to build and start a vulnerable Apache HTTPD server:
+
+```
+docker compose build
+docker compose up -d
+```
+
+After the server is started, Apache will be running at `http://your-ip:8080`.
+
+## Vulnerability Reproduction
+
+First, try to upload a file named `1.php`. The upload will be blocked by the security check:
+
+![Upload blocked by security check](1.png)
+
+However, if we append a `\x0A` (note: must be `\x0A` alone, not `\x0D\x0A`) to the filename `1.php`, the upload will succeed:
+
+![Successful upload with newline character](2.png)
+
+When accessing the uploaded file at `/1.php%0a`, it will be successfully parsed as a PHP file, despite not having a proper PHP extension. This confirms the existence of the parsing vulnerability:
+
+![Successful PHP execution](3.png)