CVE-2019-11043
Date: 2019.9.16 类型: 远程代码执行 前置条件:
Nginx + fastcgi + php-fpm
配置文件信息如下: location ~ [^/]\.php(/|$) { ... fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass php:9000; ... } 影响范围:version>php 7, php5(EXP暂无) PoC:https://github.com/neex/phuip-fpizdamgo run . "http://ip:8080/index.php" ExP:http://ip:8080/index.php?a=id
原文地址:https://www.cnblogs.com/AtesetEnginner/p/11735653.html
时间: 2024-11-05 18:51:01