Vulnerability analysis
The occurrence of this vulnerability is due to the fact that apache used regular rules to match suffixes when fixing the first suffix name parsing vulnerability. When parsing php, xxx.php\x0A will be parsed according to the php suffix, resulting in bypassing some server security policies.
Vulnerability recurrence
Visit address
Make a one-sentence Trojan horse
Upload Trojan horse
Capture packet and add 0a