Comments (9)
确实不能称为“未知后缀解析漏洞”,因为这个漏洞环境不管是何种后缀,都会被解析。(只要没有设置其他的Handler)
说明一下Apache的解析方式。你说的这个例子涉及两个指令:
- AddType
- AddHandler
前者设置一个后缀的mime-type,后者设置一个后缀的处理器。
就你举得这个例子而言,.jpg
对应image/jpeg
,是AddType进行设置的;而.php
对应的处理器application/x-httpd-php
,是AddHandler设置的,二者不冲突。但因为application/x-httpd-php
返回的content-type覆盖了image/jpeg
,所以最后显示出来是一个html。
我们引用文档中一段原文来解释在多个后缀下如何处理:
Care should be taken when a file with multiple extensions gets associated with both a media-type and a handler. This will usually result in the request being handled by the module associated with the handler. For example, if the .imap extension is mapped to the handler imap-file (from mod_imagemap) and the .html extension is mapped to the media-type text/html, then the file world.imap.html will be associated with both the imap-file handler and text/html media-type. When it is processed, the imap-file handler will be used, and so it will be treated as a mod_imagemap imagemap file.
所以这个环境本身是没有问题的,就是标题不太准确。
from vulhub.
实际环境中的“未知后缀解析漏洞”,可能是另一种漏洞。我暂时没找到复现环境,期待你能提供相关的测试站点或配置文件。
from vulhub.
phpstudy官方集成环境的这个版本就存在apache的解析漏洞,下载地址:
http://phpstudy.php.cn/phpstudy/phpStudy(PHP5.2).zip
我也在制作实际环境中的“未知后缀解析漏洞”的docker镜像,无奈上网并没有提起具体如何配置才导致漏洞。明天看下表哥提供的资料,下一步准备研究下apache的配置,有进展再来交流。
from vulhub.
好的,明天搭建一下试试。
from vulhub.
后续相关讨论,可以继续在这个issue中进行。
from vulhub.
ok
from vulhub.
各位表哥,后续呢
from vulhub.
此贴终结 哈哈
from vulhub.
表哥,后续呢
from vulhub.
Related Issues (20)
- Request Dockerfile for each container img HOT 1
- airflow/CVE-2020-11978启动失败 HOT 1
- ERROR: error pulling image configuration: unknown blob HOT 2
- [Proposal] Adding a .desc file for each CVE container HOT 5
- Java RMI Registry 反序列化漏洞(<=jdk8u111)无法复现
- 苹果M1芯片启动项目时exec 格式错误 HOT 1
- php/xdebug-rce fails to build HOT 1
- Include `Dockerfile` in the repo HOT 3
- jumpserver随机数种子泄露导致账户劫持漏洞 默认admin账号密码无法登录 HOT 7
- 关于/grafana/admin-ssrf这个漏洞的一些问题。 HOT 2
- 关于 Compose file 的优化建议, 兼容 arm 架构 (M1 mac) HOT 6
- log4j/CVE-2021-44228: Unsupported operation HOT 2
- CVE-2017-17405镜像build失败 HOT 3
- phpmailer/CVE-2017-5223 build error HOT 3
- elasticsearch/CVE-2015-3337 build error HOT 1
- cve-2017-10271-weblogic-1运行不起来 HOT 4
- solr/CVE-2019-17558 容器运行失败 HOT 1
- 运行ecshop的安装界面失败 HOT 5
- OpenSSH 用户名枚举漏洞(CVE-2018-15473)不需要提交flag吗? HOT 3
- MINIO zh-cn.md文档细节问题 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulhub.