Vitter@sefechina.nethttp: // blog.securitycn.net today saw ecshop background take webshell article, think of a long time many versions of apache php extension parsing vulnerability, the main problem is: no matter what the last suffix of the file, as long as it is. php. * The end will be parsed into php by the Apache server
Vitter@sefechina.net
Http://blog.securitycn.net
Today, I saw an article using webshell in the ecshop background. I think of the apache php extension parsing vulnerability in many versions for a long time. The main problem is: no matter what the last suffix of the file is, as long as it is. php. * The end is parsed into a php file by the Apache server. The problem is that if apache is in mime. the types file does not have a defined extension such as x1.x2. in the case of x3, the last x3 is not defined, and it will be parsed into the second-to-last x2 defined extension. Xxx.php.rar or xxx. php.111 will be parsed to php if they are not defined in the mime. types file by default. Similarly, if it is cgi or jsp, how can we prevent this problem?
1. you can define common extensions in the mime. types file,
Example: application/rar
But this does not solve the problem. we cannot define all of them.
2. canceling upload is also unlikely.
3. force rename the uploaded file. this is implemented by the program. if there are many virtual machines and there are many developers, it is not reliable.
4. the ultimate method that is more reliable is to prohibit the execution permission of files such as *. php. *. of course, the file name of such a rule may be mistakenly killed, but basically there must be a problem with the file name.
Order Allow, Deny
Deny from all
Many dz forums, ecshop, phpcms, and other backend platforms use this vulnerability to upload webshells. if we do this, many problems can be solved, I hope this article will help you.