IIS_7.o/7.5解析漏洞
目录[*]IIS_7.o/7.5解析漏洞
[*]
[*]1.1、漏洞描述
[*]1.2、漏洞等级
[*]1.3、影响版本
[*]1.4、漏洞复现
[*]1、基础环境
[*]2、漏洞扫描
[*]3、漏洞验证
[*]1.5、修复建议
IIS_7.o/7.5解析漏洞
说明内容漏洞编号漏洞名称IIS_7.o/7.5解析漏洞漏洞评级影响范围win7,server2008漏洞描述修复方案1.1、漏洞描述
漏洞原理:
cgi.fix_path=1
1.png/.php该漏洞不是由于代码或者框架引起,而是由于配置问题引起的漏洞
1.2、漏洞等级
1.3、影响版本
IIS_7.o/7.5
1.4、漏洞复现
1、基础环境
windows server 2008
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606829-1366825327.png
在服务器路径下创建1.php脚本
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172607014-918296775.png
2、漏洞扫描
3、漏洞验证
IIS想要运行PHP,中间有个技术叫FASTCGI
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606955-21351749.png
当访问1.php的时候,交给php-cgi.exe来执行,解释完的执行结果再返回给浏览器
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606851-217469892.png
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172607041-1844922273.png
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606602-1097788790.png
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172607139-1531941070.png
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172607080-1252592911.png
如果把1.php后缀改成1.png
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606675-1187238504.png
访问1.png,报错
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172719799-1799783729.png
在1.png后面加上/.php
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606927-1276111917.png
这里之所以能够以1.png/.php的方式访问,是因为下面的对勾没有勾上
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172607177-615697304.png
1.5、修复建议
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606666-1173532096.png
之所以能够以1.png/.php的方式解析php文件
是因为php的安全 选项cgi.fix_pathinfo=1,需要把它改成0
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606811-1962819794.png
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172607107-2012036347.png
就是不能通过/.php的方式访问了
https://img2023.cnblogs.com/blog/2034842/202309/2034842-20230908172606791-51055529.png
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!
页:
[1]