0x00 Preface
First, an introduction to Xiaopi (phpStudy):
phpStudy is an integrated package for PHP debugging environments. It bundles the latest Apache + PHP + MySQL + phpMyAdmin + ZendOptimizer, installs in one step, and works without any configuration, making it a very convenient and easy-to-use PHP debugging environment. Besides the PHP debugging environment itself, the package also includes development tools, development manuals, and so on.
I remember my lovely Taoing telling me about this hole some time ago. The version in question is the Xiaopi (phpstudy_pro) default, nginx 1.15.11, so if you build a system with Xiaopi and do not change the nginx version, the parsing vulnerability is there by default. But it had not been reproduced. Last night a wave of public accounts published this vulnerability one after another, so here comes a reproduction.
A small reminder here: Xiaopi's default nginx version is 1.15.11.
0x01 Affected versions
- 8.1.0.4
- 8.1.0.7
0x02 Environment setup
The environment is very simple:
1. Download phpstudy_pro (Xiaopi)
2. Install the environment; a simple install is enough
0x03 Vulnerability reproduction
Prepare:
- A PHP image webshell (a "picture horse")
- One Xiaopi environment (mysql and nginx 1.15.11 are enabled by default)
I don't have much time to set up an image-upload environment to test with, so I dragged the one-line image webshell straight into the site root directory on my server and then visited it directly:
http://127.0.0.1/shell.jpg
You can see our image webshell.
http://127.0.0.1/shell.jpg/.php
You can see that it is parsed successfully as PHP; connect with China Chopper or AntSword.
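Defenders can look for this request shape, a static file name followed by a path ending in .php, in the nginx access log. The script below is an added example, not part of the original post; it assumes nginx's default combined log format, and the sample log lines, extension list and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: file types a site stores as static content, never as a directory.
STATIC_EXT = ("jpg", "jpeg", "png", "gif", "bmp", "ico", "txt", "css", "js", "pdf")

# combined format: ip - user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# A segment like "shell.jpg" used as a directory, followed by a segment
# ending in ".php" (optionally with further path info after it).
SUSPECT_RE = re.compile(
    r"/[^/]+\.(?:%s)/(?:[^/]*/)*?[^/]*\.php(?:/|$)" % "|".join(STATIC_EXT),
    re.IGNORECASE,
)

def is_suspect_path(target):
    """True if the request path looks like <static file>/<something>.php."""
    path = urlsplit(target).path      # drop the query string
    for _ in range(2):                # undo single and double percent-encoding
        path = unquote(path)
    return bool(SUSPECT_RE.search(path))

def scan(lines):
    """Return one dict per access-log line whose target matches the pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # not a combined-format request line
        ip, method, target, status = m.groups()
        if is_suspect_path(target):
            # A 200 means the server answered the request instead of rejecting it.
            hits.append({"ip": ip, "method": method,
                         "target": target, "status": int(status)})
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0800] "GET /shell.jpg HTTP/1.1" 200 1024 "-" "curl/7.68.0"',
    '192.0.2.10 - - [01/Jan/2021:10:00:05 +0800] "GET /shell.jpg/.php HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.7 - - [01/Jan/2021:10:01:00 +0800] "POST /upload/a.png%2Fx.php?c=1 HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.20 - - [01/Jan/2021:10:02:00 +0800] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 on a path under an upload or image directory is the case to review first.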
0x04 Summary
A word to the black and gray hats: you can bulk-search for nginx/1.15.11 on fofa. Of course, that is for submitting vulnerability reports, not for you to go and wreck things, fool.
When reposting, please credit: Adminxe's Blog » phpstudy_pro: the latest version's nginx has an arbitrary file parsing vulnerability by default