Brief description: The phpdisk system is widely used. This parsing vulnerability is a little tricky. The phpdisk version is not a killer.
Detailed Description: A parsing vulnerability was recently discovered on an online storage site. The phpdisk system is widely used. This parsing vulnerability is a bit tricky. The phpdisk version is not a killer.
Because phpdisk is a PHP program, the server must support PHP, so the back end restricts uploads of .php, .asp, .aspx, .php2 and other script files. However, a file named like 1.php;rar can still be uploaded, which exploits the IIS6 parsing vulnerability. We renamed the PHP trojan to 1.php;rar. Renaming it to 1.php#.rar does not work, because the system automatically changes that name. With 1.php;rar the file is also renamed, but the .php;rar part is not changed. After uploading, find the file's path.
Right-click the "China Telecom download 1" link, then click Properties.
That is basically it. The upload directory can also be found in robots.txt: Disallow: /filestores/
This directory is the default upload directory, which is where the trojan ends up.
This is an IIS6 vulnerability.
On Nginx you can directly upload an image containing a one-line trojan and combine it with two parsing vulnerabilities. The first is:
http://www.bkjia.com/filestores/2011/11/27/9fd4b463a22085ee4a3f011a592ed4a7.jpg/1.php
Nginx also has a second parsing vulnerability that gets little attention. The format is as follows:
http://www.bkjia.com/filestores/2011/11/27/9fd4b463a22085ee4a3f011a592ed4a7.jpg%00.php
Proof of vulnerability: You know, you know
Solution: Summary and fix: the back end does not filter uploads strictly enough.
Patch methods:
1. Set the suffixes to be filtered out in the back end.
2. Change the default upload directory, or do not grant it script execution permission.
3. Upgrade nginx.
4. Hide.
Author: xiaohang
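
Patch method 1 only holds up if the filter is an allowlist rather than a list of blocked suffixes. The sketch below is an added example, not phpdisk code: it runs a suffix denylist like the one described above next to a stricter check. The function names, the allowlist and the sample file names are assumptions made for illustration.

```php
<?php
// Added example, not phpdisk code. Function names and the allowlist are assumptions.

// Weak: denylist applied to the final extension, as the advisory describes.
function denylist_accepts(string $name): bool
{
    $blocked = ['php', 'asp', 'aspx', 'php2'];
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Hardened: strict name pattern, allowlisted extension, server-generated name.
function safe_stored_name(string $name): ?string
{
    $allowed = ['rar', 'zip', 'jpg', 'png', 'gif', 'txt', 'pdf']; // assumed allowlist

    // Letters, digits, '_' and '-' followed by exactly one dot and an extension.
    // This rejects ';', '#', '/', '\', '%', NUL bytes and double extensions.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})\z/', $name, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    // Nothing the uploader typed reaches the file system except the checked extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, using the forms discussed in the advisory.
$samples = ['report.rar', '1.php', '1.php;rar', '1.php#.rar', 'photo.jpg'];
foreach ($samples as $s) {
    printf(
        "%-12s denylist=%-6s hardened=%s\n",
        $s,
        denylist_accepts($s) ? 'accept' : 'reject',
        safe_stored_name($s) === null ? 'reject' : 'accept'
    );
}
```

A name check does not cover the two Nginx cases, where an accepted image is requested through a crafted URL. Those are handled by patch methods 2 and 3: no script execution in the upload directory, and an upgraded nginx.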