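CVSS score | 9.8 |
Vulnerability type | Remote code execution vulnerability |
Vulnerability overview | Laravel is a clean, open-source PHP web development framework designed to implement the MVC architecture for web software. When Laravel has Debug mode enabled, the bundled Ignition component's unsafe use of the file_get_contents() and file_put_contents() functions lets an attacker trigger Phar deserialization by sending malicious requests, crafting malicious log files and similar means, ultimately resulting in remote code execution. |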
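The overview names two preconditions: Debug mode enabled and the bundled Ignition component. As an added example (not part of the original post and not Laravel's or Ignition's own code), the script below checks a project directory for both. The function names, output labels and the sample version string are constructed for illustration, and it assumes the default config/app.php debug setting.

```bash
#!/usr/bin/env bash
# Added example: report whether a Laravel project directory has debug mode on
# and facade/ignition locked. Variables set outside .env are not seen.

# APP_DEBUG from .env: a repeated key resolves to its last assignment
# (assumption); CRs, trailing comments, quotes and case are normalised.
app_debug_value() {
    [ -f "$1" ] || return 0
    tr -d '\r' < "$1" | grep -E '^[[:space:]]*APP_DEBUG[[:space:]]*=' | tail -n 1 \
        | sed -E "s/^[^=]*=[[:space:]]*//; s/[[:space:]]+#.*$//; s/[[:space:]]+$//; s/^[\"']//; s/[\"']$//" \
        | tr '[:upper:]' '[:lower:]'
}

# Locked facade/ignition version (empty if absent). composer.lock writes
# "version" on the line after "name".
ignition_version() {
    [ -f "$1" ] || return 0
    grep -A2 -E '"name":[[:space:]]*"facade/ignition"' "$1" | grep -m1 '"version"' \
        | sed -E 's/.*"version":[[:space:]]*"([^"]*)".*/\1/'
}

# Assumes the default config/app.php, which casts env('APP_DEBUG') with (bool):
# only the values listed below leave debug off.
audit_laravel_dir() {
    local debug ver
    debug=$(app_debug_value "$1/.env")
    ver=$(ignition_version "$1/composer.lock")
    case "$debug" in
        ''|0|false|'(false)'|null|'(null)'|empty|'(empty)') echo "DEBUG_OFF"; return 0 ;;
    esac
    if [ -n "$ver" ]; then echo "DEBUG_ON+IGNITION $ver"; else echo "DEBUG_ON"; fi
}

# Constructed sample project (not real data), used when no directory is given.
demo() {
    local d; d=$(mktemp -d)
    printf 'APP_ENV=local\nAPP_DEBUG="True"  # dev\n' > "$d/.env"
    printf '{"packages-dev": [\n{\n"name": "facade/ignition",\n"version": "0.0.0-sample"\n}\n]}\n' > "$d/composer.lock"
    audit_laravel_dir "$d"; rm -rf "$d"
}
if [ $# -gt 0 ]; then audit_laravel_dir "$1"; else demo; fi
```

A DEBUG_ON+IGNITION result means both preconditions are present; compare the reported version with the vendor advisory for CVE-2021-3129.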
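I. Update apt packages
sudo apt-get update
If this keeps reporting that a file is locked, or apt cannot update, the following resolves it.
1. Check which apt processes are holding the lock
ps -e | grep apt
Kill the process
sudo kill -9 [PID]
2. To keep the downloaded packages and the package lists in sync, delete the existing lock files first, then update apt (only after step 1 shows no apt or dpkg process still running)
sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock
sudo rm /var/lib/dpkg/lock
sudo rm /var/lib/dpkg/lock-frontend
3. Update apt again
sudo apt update && sudo apt full-upgrade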
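II. Environment setup
1. Download and set up docker
sudo apt-get install docker
Check the docker version
docker -v
Enable the docker service at boot
systemctl enable docker
Start the docker service
service docker start
Enter the CVE directory and pull the image
cd CVE-2021-3129
docker-compose up -d
Visit http://[ip]:8888 in a browser
Click "generate key" on the home page, then refresh the page; four tiles appear, which means the docker environment was set up successfully
2. Install python3 and set up the build environment: make, zlib1g
wget https://cdn.npm.taobao.org/dist/python/3.8.3/Python-3.8.3.tgz
sudo apt-get install ubuntu-make
sudo apt-get install zlib1g-dev
(For details see https://blog.csdn.net/qq_41851454/article/details/79740579)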
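III. Reproducing the vulnerability
1. Download phpggc; the exp used is the one bundled with the docker environment
git clone https://github.com/ambionics/phpggc.git
2. Give phpggc execute permission
chmod 777 phpggc/phpggc
3. Change the url in exploit.py to the address of your own vulnerable instance
4. Put the exp and phpggc in the same directory and run the exp with python3; the command contained in the exp is executed
python3 exploit.py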
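IV. Troubleshooting
1. Installing docker on Ubuntu fails with Unable to locate package docker
Update the package sources
sudo apt-get update
Install docker and docker-compose again
sudo apt install docker docker-compose
2. At this point the error E: Failed to fetch may also appear, meaning the network source cannot be reached; the fix is to add DNS servers
Enter the command
sudo gedit /etc/resolv.conf
Add the Alibaba DNS servers to resolv.conf
nameserver 223.5.5.5
nameserver 223.6.6.6
Save, then update the apt packages
sudo apt-get update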
3. Updating again at this point also gives the warning W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Could not connect to security.ubuntu.com:80 (91.189.91.38), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out W: Some
This is usually a problem with the mirror source. Add the following text to the /etc/apt/sources.list file, using the codename of the installed release (bionic in the warning above)
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
Then update again.
sudo apt-get update
If errors still appear, the cause is usually still the DNS configuration (ignored for now)
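4. Download and install the packages again
sudo apt install docker docker-compose
5. Check the version
docker --version
6. After the docker service has been started, launching docker reports ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
This happens because the user has not been added to the docker group; running as an administrator user resolves it.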
7. Running make install fails with
zipimport.ZipImportError: can't decompress data; zlib not available
Makefile:1186: recipe for target 'install' failed
make: *** [install] Error 1
Installing zlib1g resolves this.
sudo apt-get install zlib1g-dev
8. Copying reports cannot overwrite directory 'xxx' with non-directory
The cause is that the destination directory already contains a directory with the same name, so the write fails.