Code execution of metersbonwe mall caused the collapse + nginx parsing vulnerability of a sub-station

Source: Internet
Author: User

PHP code execution in two shopping malls of metersbonwe directly fails. nginx parsing vulnerability in one sub-site: ThinkPHP framework URI arbitrary code execution vulnerability in two shopping malls: Response (phpinfo () % 7D/response (phpinfo ()) % 7D code execution, you can directly getshell. There is also a nginx Parsing Vulnerability: meibang, I have always liked wow. Please give me a gift and ask for encouragement. Thinkphp code execution, can download officially released patches: Spec = svn2904 & r = 2838 or directly modify the source code:/trunk/ThinkPHP/Lib/Core/Dispatcher. class. php $ res = preg_replace ('@ (w + )'. $ depr. '([^ '. $ depr. '\/] +) @ E',' $ var [\ '\ 1 \'] = "\ 2"; ', implode ($ depr, $ paths); changed to $ res = preg_replace ('@ (w + )'. $ depr. '([^ '. $ depr. '\/] +) @ E',' $ var [\ '\ 1 \'] = "\ 2 ';', implode ($ depr, $ paths); replace the double quotation marks in the second preg_replace parameter with single quotation marks to prevent the php variable syntax from being parsed and executed. Nginx resolution vulnerability fix: Reference from Baidu: 1 disable php. path_info, cgi. set path_info to 0. if there is one before by default; or if there is no such paragraph, add cgi manually. path_info = Modify nginx settings. For example, the original file server {listen 80; server_name; location/{root/home/www/; index. php index.html index.htm; autoindex on;} location ~ \. Php $ {root html; fastcgi_pass 9000; fastcgi_index index. php; if ($ fastcgi_script_name ~ \ .. * \/. * Php) {return 403;} fastcgi_param SCRIPT_FILENAME/home/www/ $ fastcgi_script_name; include fastcgi_params ;}}

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.