
Apache httpd parsing vulnerability

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Vulnerability background:

Apache runs PHP scripts through mod_php. Apache 2.4.0-2.4.29 has a newline parsing vulnerability: when deciding whether a file is PHP, a name such as xxx.php\x0A is treated as having the PHP suffix, which bypasses the security policies of some servers.

The multi-suffix parsing vulnerability is caused by improper user configuration and has nothing to do with the specific middleware version. It is not so much a flaw as a feature of Apache, the same thing we usually call right-to-left parsing. When Apache encounters a file suffix it cannot resolve, such as in xxx.php.123.456, it treats the file as PHP if the suffixes .123 / .456 do not exist in the mime.types file. The behavior can also be changed through the parameters in the httpd.conf file or by configuring .htaccess directly.

Directly upload a one-sentence PHP webshell named 1.php.jgp, then connect to it with AntSword.

The connection succeeds.
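The following is an added example, not code from the original article: a Python upload-name check that shows why a last-suffix blacklist accepts both names discussed above (xxx.php\x0A and 1.php.jgp) and how a stricter check rejects them. The extension sets and function names are assumptions made for illustration; the `$` behaviour shown is the same regex rule that lets a `\.php$` handler pattern match a name ending in a newline.

```python
import re

# Assumption: suffixes this server hands to PHP; adjust to the local handler config.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht"}
# Assumption: the application only accepts these upload types.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}

# Same shape as a handler pattern "\.php$". In Python, as in PCRE,
# "$" also matches just before a trailing newline.
HANDLER_LIKE = re.compile(r"\.php$")
# "\Z" matches only at the true end of the string.
STRICT = re.compile(r"\.php\Z")

def naive_blacklist_accepts(name):
    """Weak check: compares only the text after the last dot to a blacklist."""
    return name.rsplit(".", 1)[-1].lower() not in PHP_EXTS

def upload_problems(name):
    """Return the reasons a client-supplied upload name must be rejected."""
    problems = []
    if re.search(r"[\x00-\x1f\x7f/\\]", name):
        problems.append("control character or path separator")
    parts = name.lower().split(".")
    stem, exts = parts[0], parts[1:]
    if not stem or not exts:  # also rejects dotfiles such as .htaccess
        problems.append("missing name or extension")
    # Check every dot-separated component, not only the last one.
    if any(e.strip() in PHP_EXTS for e in exts):
        problems.append("PHP-handled suffix in name")
    if exts and exts[-1] not in ALLOWED_EXTS:
        problems.append("final extension not allow-listed")
    return problems

if __name__ == "__main__":
    # Constructed sample names, including the two from the text above.
    for sample in ["photo.jpg", "xxx.php\n", "1.php.jgp", ".htaccess"]:
        print(repr(sample), naive_blacklist_accepts(sample), upload_problems(sample))
```

Storing uploads under a server-generated name, rather than the client-supplied one, removes the attacker's control over the suffix altogether.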
