  • nginx 0.6.x Arbitrary Code Execution NullByte Injection

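    Test method:

    The program (method) provided here may be offensive in nature. It is for security research and teaching only; use at your own risk!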
      # Exploit Title: nginx Arbitrary Code Execution NullByte Injection
      # Date: 24/08/2011
      # Exploit Author: Neal Poole
      # Vendor Homepage: http://nginx.org/
      # Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz
      # Version: 0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37
      # Tested on: Ubuntu Server 10.04.1
      # nginx version: 0.6.36
      # Advisory: https://nealpoole.com/blog/2011/08/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/


      # Description
      In vulnerable versions of nginx, null bytes are allowed in URIs by default (their presence is indicated via a variable named zero_in_uri defined in ngx_http_request.h). Individual modules have the ability to opt-out of handling URIs with null bytes. However, not all of them do; in particular, the FastCGI module does not.

      # Proof of Concept:
      http://<server>/<path>/file.ext%00.php
      or
      http://<server>/<path>/file.ext/x00.php
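
A log check for the request shape in the proof of concept, as an added example (not part of the original advisory): it flags access-log entries whose path carries a NUL byte followed by a `.php` suffix. The log lines, paths, function names and the handling of a literal `\x00` escape are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Request field of a combined-format access log line: "METHOD URI PROTOCOL".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[0-9.]+"')


def null_byte_php_hit(line):
    """Return details if the request path has a NUL byte followed by a .php suffix."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    path = m.group("uri").split("?", 1)[0]  # a NUL in the query string is out of scope
    # Assumption: some log pipelines write the byte as a literal \x00 escape.
    raw = unquote_to_bytes(path.replace("\\x00", "%00"))
    head, nul, tail = raw.partition(b"\x00")
    if not nul or not tail.lower().endswith(b".php"):
        return None
    return {
        "method": m.group("method"),
        "uri": m.group("uri"),
        "path_before_nul": head.decode("utf-8", "replace"),
        "suffix_after_nul": tail.decode("utf-8", "replace"),
    }


def scan(lines):
    """Collect every matching entry from an iterable of log lines."""
    return [hit for hit in map(null_byte_php_hit, lines) if hit]


# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Aug/2011:10:00:00 +0000] "GET /uploads/avatar.jpg%00.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Aug/2011:10:00:01 +0000] "GET /uploads/avatar.jpg HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Aug/2011:10:00:02 +0000] "GET /index.php?q=a%00b HTTP/1.1" 200 90',
    '203.0.113.9 - - [24/Aug/2011:10:00:03 +0000] "POST /files/notes.txt\\x00.php HTTP/1.0" 200 17',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The `path_before_nul` field shows which non-PHP file each flagged request named, which is the part worth reviewing on hosts running the versions listed above.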
  • Original URL: https://www.cnblogs.com/security4399/p/3032662.html