Test environment: Apache 2.0.53 on Windows XP, Apache 2.0.52 on Red Hat Linux.

1. A foreign team (SSR Team) has released multiple advisories on loopholes related to Apache's MIME module (mod_mime). In the attack, attack.php.rar is executed as a PHP file. This includes the Discuz! p11.php.php.php.php.php.php.php.php.php.php.php.rar vulnerability.

2. superhei of S4T published a small feature of Apache on the blog: Apache checks the suffixes of a file name starting from the end and executes the file according to the last valid suffix. To see this for yourself, you only need to look at the default index.XX files in Apache's htdocs.

3. superhei has already explained this very clearly, and it can be put to full use together with an upload vulnerability. I tested it against the file formats that are generally allowed to be uploaded and list them below (unclassified):

   Typical type: rar
   Backup type: bak, lock
   Streaming media type: wma, wmv, asx, as, mp4, rmvb
   Microsoft type: SQL, chm, hlp, shtml, asp
   Arbitrary type: test, fake, ph4nt0m
   Special type: torrent
   Program type: jsp, c, cpp, pl, cgi

4. The key to the entire vulnerability is what Apache considers a "legal suffix": any suffix that is not a "legal suffix" can be exploited.

5. Test: create a.php with the following content:

   <?php phpinfo(); ?>

   Then append any suffix to the name and test: a.php.aaa, a.php.aab, ...
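An added example (not from the original article) that models the suffix resolution described in items 2 and 4 and contrasts a last-suffix upload filter with a stricter one. The extension sets and function names are assumptions made for illustration; the set a real server recognizes depends on its mime.types file and its AddType/AddHandler configuration.

```python
import secrets

# Constructed sample sets (assumptions), not taken from any real server config.
KNOWN_EXTS = {"php", "html", "txt", "jpg", "gif", "png", "zip"}
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "pl", "cgi", "shtml"}


def effective_extension(filename, known=KNOWN_EXTS):
    """Simplified model of the behaviour in item 2: walk the suffixes from
    the end and return the first one the server recognizes, else None."""
    parts = filename.lower().split(".")[1:]  # first component is the base name
    for ext in reversed(parts):
        if ext in known:
            return ext
    return None


def naive_upload_check(filename, allowed):
    """Flawed filter: only looks at the text after the last dot."""
    return filename.lower().rsplit(".", 1)[-1] in allowed


def strict_upload_check(filename, allowed, script_exts=SCRIPT_EXTS):
    """Accept only 'base.ext': exactly one dot, a non-empty base name,
    an allowed extension, and no path separators or NUL bytes."""
    if any(c in filename for c in ("/", "\\", "\x00")):
        return False
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False
    return parts[1] in allowed and parts[1] not in script_exts


def safe_stored_name(filename, allowed):
    """Return a server-generated name that keeps only the validated
    extension, or None if the upload is rejected. The client-supplied
    base name never reaches the file system."""
    if not strict_upload_check(filename, allowed):
        return None
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"
```

Storing uploads under a generated name means the multi-suffix names from item 5 never reach a directory the web server serves.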