apacheParsing vulnerability
Vulnerability principle
Parse the file suffix name from right to left. If If you find an unrecognized file suffix, continue to the left. For example, test.php.owf.rar ".owf" and ".rar" are two suffixes that apache cannot recognize and parse, and apache will parse wooyun.php.owf.rar into php.
Vulnerability form
www.xxxx.xxx.com/test.php.xxx
Other configuration issues lead to the vulnerability
(1) If there is such a line in Apache's conf to configure AddHandler php5-script .php, then as long as the file name contains .php, even if the file name is test2.php.jpg, it will be executed as php.
(2) If there is such a line configuration in Apache's conf AddType application/x-httpd-php .jpg, even if the extension is jpg, it can still be executed in php mode.
Experimental environment: Windows Server 2008 R2
Phpstudy2018
Add AddHandler php5-script .php in httpd.conf and restart after adding
Create a php sentence in the root directory with the suffix .php.xxx
Access and see if it can be parsed
Parse successfully, Ant Sword connection
The above is the detailed content of How to parse Apache vulnerability recurrence. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SublimeText3 Mac version
God-level code editing software (SublimeText3)
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Atom editor mac version download
The most popular open source editor
