A MITM vulnerability; in special scenarios it may produce unusual effects.
httpoxy PoC https://github.com/httpoxy
Vivid, illustrative explanation https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
What is httpoxy https://medium.com/@nzdominic/what-is-httpoxy-65a33a8a1f4d
How the httpoxy vulnerability was discovered https://medium.com/@nzdominic/how-the-internets-biggest-blind-spot-lead-to-a-15-year-old-security-vulnerability-a2a6f6218a71#.7juwhx49s
Very good; includes a test script, remediation advice and an analysis of the underlying mechanism https://access.redhat.com/security/vulnerabilities/httpoxy
http://seclists.org/oss-sec/2016/q3/94
Related discussion on Reddit, with the author taking part https://www.reddit.com/r/netsec/comments/4tfc4k/httpoxy_a_cgi_application_vulnerability_for_php/
https://www.apache.org/security/asf-httpoxy-response.txt
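https://news.ycombinator.com/item?id=12115051 Hacker News
Index of disclosure sites for major vulnerabilities like Heartbleed https://github.com/KeenRivals/Bugsite-Index
Analysis and explanation post by 鸟哥 (Laruence): http://www.laruence.com/2016/07/19/3101.html
Some discussion on WooYun Zone: zone.wooyun.org/content/28537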