Iis php fastcgi mode pathinfo value error Arbitrary Code Execution Vulnerability repair method, fastcgipathinfo

Source: Internet
Author: User
Tags website server

Iis php fastcgi mode pathinfo value error Arbitrary Code Execution Vulnerability repair method, fastcgipathinfo

Description:

The target has the arbitrary code execution vulnerability.

Cause of vulnerability: the default PHP configuration IS incorrect. The IS + PHP fastcgi mode has a defect in parsing the PHP file. As a result, any file will be parsed by the server in PHP format, resulting in arbitrary code execution.

Verification Method: Open the target page and add/test. php after the original URL

Example.

Some browser free packet capture tools:

360 browser: Tools --> Developer Tools
IE browser: Tools --> F12 Developer Tools
Firefox: Search and download the Firebug plug-in --> F12 outbound call
Chrome: Click the menu in the upper right corner --> Tools --> Developer Tools

Hazards:

Attackers can exploit this vulnerability to directly execute arbitrary code on the website, which may directly control the website server, steal website data, and affect the normal operation of the website.

The following code execution vulnerability is reported in 360 when the IIS + PHP fastcgi mode pathinfo value is incorrect. The vulnerability is fixed as prompted:

The solution provided in section 360 is as follows:

I. Change the default Fastcgi mode of PHP to ISAPI mode (only running in Windows)

1. Download php zip package, http://www.php.net (pay attention to the corresponding version)
2. Copy php4isapi. dll in the sapi directory to the c: \ php Directory.
3. Go to "website management"-"virtual host"-"Server Settings" on the VM management platform, modify the PHP image, and set the original:
. Php, C: \ PHP \ php.exe, 5, GET, HEAD, POST, TRACE |
Changed:
. Php, C: \ PHP \ php4isapi. dll, 5, GET, HEAD, POST, TRACE |
4. (required for IIS 6) Open the IIS manager, click the Web service extension, and click the php attributes, and select "C: \ PHP \ php4isapi" in "required files" --- add. dll ", after confirmation, PHP can call.
 

Comments of the Helper's house:

Generally, it is not recommended to change to the ISAPI mode, and the efficiency is very low. 2003 the isapi mode can be used for php5.2.17, and 2008 it is recommended to directly modify the cgi. fix_pathinfo value in the php. ini configuration file to 0.

2. if conditions permit (consult a website Engineer), change the configuration parameter cgi. fix_pathinfo in php. ini to 0.

We recommend that you use this option, but you need to use the Server Management permission, generally vps or host

Comments of the Helper's house:

This method is recommended, which is convenient for iis, apache, and nginx.

Iii. iis Solution

Here, the customer's environment is IIS of windows server 2008R2. Here I find the php double-click in 'handler 'to enter this interface.

Go to 'request limited'

OK.

Test:

Create a new phpinfo(your JPG file test.jpg in the root directory on the server, access the http://www.xxx.com/test.jpg/1.php (php name after test.jpg), if there is a vulnerability, you can see the phpinfo () information, and vice versa will return 404 error.

4. Use website guard 360

Nginx pathinfo value error Arbitrary Code Execution Vulnerability

Cause of vulnerability: the default Nginx configuration is incorrect, which leads to an arbitrary code execution vulnerability.
Affected Versions:
Nginx 0. 5 .*
Nginx 0. 6 .*
Nginx 0.7 <= 0.7.65
Nginx 0.8 <= 0.8.37
Hazards:
Hackers can exploit this vulnerability to directly execute arbitrary code on the website, which may directly control the website server, steal website data, and affect the normal operation of the website.

Solution:

Upgrade Nginx to the latest version. Official Website: http://nginx.org /.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.