How to reproduce the Apache parsing vulnerability

WBOY
Release: 2023-05-22 12:10:13

Apache parsing vulnerability

Vulnerability principle

Apache parses a file's suffixes from right to left. If it finds a suffix it does not recognize, it continues to the next suffix on the left. For example, in test.php.owf.rar, ".owf" and ".rar" are two suffixes that Apache cannot recognize and parse, so Apache parses wooyun.php.owf.rar as PHP.

Vulnerability form

www.xxxx.xxx.com/test.php.xxx

Other configuration issues that lead to the vulnerability

(1) If Apache's conf contains the line AddHandler php5-script .php, then any file whose name contains .php is executed as PHP, even if the file name is test2.php.jpg.
(2) If Apache's conf contains the line AddType application/x-httpd-php .jpg, then a file is executed as PHP even if its extension is jpg.
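
The rules above can be turned into an audit of a config file and an upload directory listing. The following is an added example, not code from the original article and not Apache's own logic: it is a simplified model of the behaviour described on this page, and the function names, the known_exts set and the sample data are assumptions made for illustration.

```python
# Added example: simplified model of the extension handling described above.
PHP_VALUES = {"php5-script", "application/x-httpd-php"}  # values quoted on this page

def php_mappings(conf_text):
    """Collect extensions mapped to PHP by AddHandler and by AddType lines."""
    handler_exts, type_exts = set(), set()
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line, comment, or not a mapping directive
        directive, value = parts[0].lower(), parts[1].lower()
        if value not in PHP_VALUES:
            continue
        exts = {p.lower().lstrip(".") for p in parts[2:]}
        if directive == "addhandler":
            handler_exts |= exts
        elif directive == "addtype":
            type_exts |= exts
    return handler_exts, type_exts

def runs_as_php(filename, handler_exts, type_exts, known_exts):
    """True if the name would be executed as PHP under the modelled rules."""
    exts = [e.lower() for e in filename.split(".")[1:]]
    # AddHandler case: a mapped extension anywhere in the name selects the handler.
    if any(e in handler_exts for e in exts):
        return True
    # AddType case: read suffixes right to left, skipping unrecognised ones.
    for e in reversed(exts):
        if e in type_exts:
            return True
        if e in known_exts:
            return False  # a recognised non-PHP suffix decides the type
    return False

def audit(conf_text, filenames, known_exts=frozenset({"jpg", "png", "html", "txt"})):
    """Return the names from `filenames` that would run as PHP (known_exts is assumed)."""
    handler_exts, type_exts = php_mappings(conf_text)
    return [f for f in filenames if runs_as_php(f, handler_exts, type_exts, known_exts)]

# Constructed sample data: one config line and an upload-directory listing.
SAMPLE_CONF = "AddHandler php5-script .php"
SAMPLE_FILES = ["photo.jpg", "test2.php.jpg", "test.php.xxx", "notes.txt"]

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF, SAMPLE_FILES):
        print("executes as PHP:", name)
```

Any name this reports inside a directory that accepts uploads is a file the server would execute rather than serve as static content.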

Experimental environment: Windows Server 2008 R2

Phpstudy2018

Add the line AddHandler php5-script .php to httpd.conf, then restart Apache.

Create a one-line PHP script in the web root directory with the suffix .php.xxx

Access the file in a browser and see whether it is parsed as PHP

The file is parsed successfully, and AntSword can connect
