一.uWSGI 漏洞复现(CVE-2018-7490)——路径遍历
漏洞详情说明:https://www.anquanke.com/vul/id/1124864 (通过编号去查找此漏洞的详情)
DETAILS
-------
The documentation of uWSGI states that the php-docroot option is used to jail our php environment to a project directory (http://uwsgi-docs.readthedocs.io/en/latest/PHP.html#run-php-apps-without-a-frontend-server).
; jail our php environment to project_dir
php-docroot = %(project_dir)
During testing it was observed that uWSGI was affected by a Directory Traversal vulnerability when executed as a standalone (without a front-end web server) along with the "php-docroot" option to enforce the DOCUMENT_ROOT of the web application.
uwsgi --http-socket :1337 --protocol=http --plugin php --php-index index.php --php-docroot /home/testing/webapp/
An attacker could exploit this vulnerability by using path traversal sequences (&#