Built into older versions

Apache versions <= 2.2 carry a parsing flaw on their own: an old Apache resolves a file's extension from right to left. For example, to get a backdoor file past an upload check, the file is named webshell.php.owf.rar.asc. When an attacker requests it, Apache examines the suffixes from right to left: it does not recognise .asc, so it moves left; it does not recognise .rar either, so it moves left again; .owf is unknown as well; finally it reaches .php, which it does recognise, and it therefore parses the file as PHP. Because the final extension is not .php, the blacklist or whitelist check on the extension at upload time is bypassed at the same time.
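As an added example (not code from the original post), the Python below emulates the right-to-left extension lookup described above with a constructed handler/type table that also covers the AddType and AddHandler misconfigurations the post discusses, and pairs it with a strict upload-filename check of the kind that defeats the trick.

```python
# Added example (not from the original post): emulates how Apache <= 2.2's
# mod_mime picks a handler/type for a multi-extension filename, and shows a
# strict upload-name check that rejects such names. The handler/type tables
# below are constructed for the demo, not read from a real httpd.conf.
import re

# AddHandler php5-script .php .php3  (the AddHandler misconfiguration case)
HANDLERS = {"php": "php5-script", "php3": "php5-script"}
# A few ordinary AddType entries; .asc/.owf/.rar are deliberately unknown here
TYPES = {"jpg": "image/jpeg", "html": "text/html", "txt": "text/plain"}


def resolve(filename, handlers=None, types=None):
    """Return (handler, content_type) the way old mod_mime does: every dotted
    suffix is examined, unknown suffixes are skipped, and the rightmost
    recognised suffix of each kind wins. Handler and type are tracked
    separately, so webshell.php.jpg gets both php5-script and image/jpeg."""
    handlers = HANDLERS if handlers is None else handlers
    types = TYPES if types is None else types
    handler = ctype = None
    for ext in filename.split(".")[1:]:   # drop the base name
        ext = ext.lower()                 # extension matching is case-insensitive
        if ext in handlers:
            handler = handlers[ext]
        if ext in types:
            ctype = types[ext]
    return handler, ctype


ALLOWED_UPLOAD_EXTS = ("jpg", "jpeg", "png", "gif")


def safe_upload_name(filename, allowed=ALLOWED_UPLOAD_EXTS):
    """Defender-side check: exactly one extension, taken from an allowlist,
    with a plain base name. Any second dot (webshell.php.jpg) fails, so the
    right-to-left walk above can never reach a script extension."""
    pattern = r"[A-Za-z0-9_-]+\.(%s)" % "|".join(allowed)
    return re.fullmatch(pattern, filename, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name in ("webshell.php.owf.rar.asc", "webshell.php.jpg", "photo.jpg"):
        print(name, "->", resolve(name), "| upload allowed:", safe_upload_name(name))
```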
Misconfiguration

AddType

In Apache's httpd.conf, if .jpg (or any other extension) is appended to the line AddType application/x-httpd-php, then every request for a file with that extension is parsed as PHP script. For example, after .jpg has been added, a request for webshell.jpg causes that file to be executed as PHP.
AddHandler

In Apache's httpd.conf, if .php is appended to the line AddHandler php5-script, then any file whose name contains .php is handled as PHP, whatever follows it: webshell.php.jpg is parsed and executed as script code.
Remediation

Edit the configuration file to forbid execution of these .php files.
Add the following to Apache's httpd.conf:

# Matches any filename containing ".php." or ".php3." (e.g. webshell.php.jpg);
# dots are escaped so they match literally rather than "any character".
<Files ~ "\.(php\.|php3\.)">
    # Apache 2.2 access-control syntax; on 2.4 use "Require all denied" instead
    Order Allow,Deny
    Deny from all
</Files>

The above means that any filename with a dot on both sides of php or php3, such as .php., php. or .php3., php3., is denied.
Pseudo-static (URL rewriting)

Rewrite requests for .php.* style files. In Apache's httpd.conf, find the line LoadModule rewrite_module modules/mod_rewrite.so (make sure it is enabled), then add:

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Any request whose path contains ".php." or ".php3." is rewritten to
    # /index.php. The original listed eight RewriteRule lines, one per
    # upper/lower-case spelling of "php"; the [NC] flag covers all of them.
    RewriteRule \.(php\.|php3\.) /index.php [NC,L]
</IfModule>

The above means that whenever a pattern such as .php. appears in the requested path, the request is rewritten (sent) to index.php.