Experimental environment
Operating machine: Windows XP
Target: Windows 2003
Target URL: www.test.com
Experimental tool: China Chopper (Chinese kitchen knife)

Purpose of the experiment
This course walks through using the Apache parsing flaw to bypass upload validation and upload a Trojan horse. It shows that uploading a Trojan is not difficult, and that we need to improve our own defensive ability.

Experimental ideas
Upload a normal picture and a Webshell
Use the Apache parsing flaw to bypass upload detection
Get Webshell permissions
Defense scheme

Experiment steps
1 Upload a normal picture and a Webshell
Open the browser and enter the target site (IP address) in the address bar. After entering the site, click to start searching for pictures.
The image you search for should be in .jpg format.
Copy the image found by the search, paste it to the desktop, and upload it.
Click Browse to select a picture on your desktop.
Click Submit. The normal picture uploads successfully (its suffix is within the range of suffix types allowed for upload): the page returns the red Success message and the picture path, and the file is stored in the uploadimg/ folder under the file name tupian.jpg.
Try uploading a one-sentence Trojan file
Click the shortcut on the desktop (that is, the one-sentence Trojan .txt file in the Caidao folder under the Tools folder), open the .txt file and copy the PHP one-sentence Trojan code.
Tip: a one-sentence Trojan is a common website backdoor. It is compact, powerful and well concealed, and has always played a powerful role in penetration testing. Different environments require a one-sentence Trojan that matches the environment.
Create a new empty text document, write the PHP one-sentence Trojan into it, rename the file to yijuhua.php and save it to the desktop.
Tip: in the one-sentence Trojan, the value inside $_POST['...'] is the password; in this case we use 1 as the password.
Click Browse and select the yijuhua.php file on the desktop to upload.
Click Submit. The upload fails (the message shown says the file name is not of a type allowed for upload), which indicates that the server validates uploaded files, so we need to bypass the validation.
2 Use the Apache parsing flaw to bypass upload detection
To bypass the upload check, append the suffix .7z to the yijuhua.php file name.
Tip: you can also change the suffix to cab, zip, bmp, etc.; any type allowed for upload will upload successfully.
Click Browse and select the yijuhua.php.7z file on the desktop to upload.
The page displays upload success. Copy down the uploadimg/ upload path and the file name yijuhua.php.7z.
3 Get Webshell permissions
Copy the URL path http://www.test.com/uploadimg/yijuhua.php.7z into the Chopper tool to connect.
Open the desktop shortcut (that is, the Caidao folder under the Tools folder) and open the Chopper.exe file.
Right-click in the blank area and select Add.
Enter the uploaded file's path as the Chopper link address, then enter the password set in the uploaded one-sentence Trojan, which is 1, and choose the appropriate script type (here the uploaded file is a PHP script). Finally, click Add.
Double-click the address to open it. The connection succeeds, and you can see that the uploadimg folder contains a key file.
Right-click the key file and click Edit. You can see the string, which shows that the one-sentence Trojan was uploaded successfully.
4 Defense scheme
1. Strictly separate the privileges of ordinary users and system administrators
2. Enforce the use of parameterized statements
3. Strengthen validation of user input
4. Make use of the security parameters that the database itself provides
5. Use a professional vulnerability scanning tool to find points that may be attacked
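
For item 3, one way to validate an uploaded file name so that a double-suffix name such as yijuhua.php.7z is refused: Apache's mod_mime considers every dot-separated extension of a file name, so the check inspects all of them rather than only the last. This is an added example, not part of the original lab; the function name, both extension lists and the random stored-name scheme are assumptions.

```python
import re
import secrets

# Assumed policy: mirrors the kinds of suffix the lab's uploader accepts.
ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif", "bmp", "zip", "cab", "7z"}
# Assumed list of extensions commonly mapped to a script handler.
EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht",
              "cgi", "pl", "py", "asp", "aspx", "jsp", "shtml"}


def check_upload_name(original_name):
    """Return (True, stored_name) or (False, reason) for a client file name."""
    # Refuse NUL bytes and path components instead of trying to repair them.
    if "\x00" in original_name or re.search(r"[\\/]", original_name):
        return False, "path separator or NUL byte in name"
    # Windows drops trailing dots and spaces, so remove them before parsing.
    name = original_name.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing base name or extension"
    extensions = parts[1:]
    # Check every extension, not only the last: this is what stops x.php.7z.
    for ext in extensions:
        if ext in EXECUTABLE:
            return False, "executable extension '%s' inside name" % ext
    if extensions[-1] not in ALLOWED_FINAL:
        return False, "final extension '%s' not allowed" % extensions[-1]
    # Store under a server-generated name that carries only one extension,
    # so nothing the client typed survives into the web root.
    return True, "%s.%s" % (secrets.token_hex(16), extensions[-1])


if __name__ == "__main__":
    # Constructed sample names, including the ones used in the lab.
    for sample in ["tupian.jpg", "yijuhua.php", "yijuhua.php.7z",
                   "a.PHP.zip", "shell.phtml.jpg. ", "../x.jpg", "archive.7z"]:
        print(sample, "->", check_upload_name(sample))
```

Renaming on the server matters as much as the check itself: even if a new script extension is missing from the list, the stored file keeps only the final allowed suffix.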