The attack is possible in nginx configurations in which requests are forwarded to PHP-FPM by splitting the URL into parts with "fastcgi_split_path_info" and defining the PATH_INFO environment variable, but without first checking that the file exists using the "try_files $fastcgi_script_name" directive or "if (!-f $document_root$fastcgi_script_name)". The problem is also
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
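A small auditor for the condition described above, as an added example that is not from the original article or from the nginx or PHP projects: it flags location blocks that use fastcgi_split_path_info and fastcgi_pass without either of the two existence checks. The function names and both sample configurations are constructed for illustration, and the parser is a simplified brace counter, not a full nginx configuration parser.

```python
import re

# Constructed sample configurations (not taken from any real deployment).
VULNERABLE = r"""
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
"""
HARDENED = r"""
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    try_files $fastcgi_script_name =404;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
"""

# The two file-existence checks named in the text above.
TRY_FILES = re.compile(r"(?m)^\s*try_files\s+\$fastcgi_script_name\b[^;]*;")
IF_CHECK = re.compile(r"if\s*\(\s*!-f\s+\$document_root\$fastcgi_script_name\s*\)")

def location_blocks(conf):
    """Yield (header, body) for each location block, tracking brace depth."""
    for m in re.finditer(r"(?m)^[ \t]*location\b([^{\n]*)\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).strip(), conf[m.end():i - 1]

def audit(conf):
    """Return headers of location blocks that split PATH_INFO and pass to
    FastCGI without first checking that the script file exists."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop full-line comments
    findings = []
    for header, body in location_blocks(conf):
        risky = "fastcgi_split_path_info" in body and "fastcgi_pass" in body
        checked = TRY_FILES.search(body) or IF_CHECK.search(body)
        if risky and not checked:
            findings.append(header)
    return findings

if __name__ == "__main__":
    print(audit(VULNERABLE))
```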
You can track the fix in distributions on these pages:
try_files $fastcgi_script_name =404;
The problem is caused by an error when manipulating pointers in a file
If the fastcgi_split_path_info directive splits the script path using a newline-sensitive regular expression (for example, many examples suggest using "^(.+?\.php)(/.*)$"), then an attacker can ensure that an empty value is written to the PATH_INFO environment variable. In this case, further along in the execution
By requesting a URL formatted in a certain way, an attacker can shift the path_info pointer to the first byte of the "_fcgi_data_seg" structure, and writing a zero to this byte moves the "char* pos" pointer to an earlier memory region. The FCGI_PUTENV call that follows overwrites the data in this memory with a value the attacker controls. This memory also stores the values of other FastCGI variables, and by writing their data the attacker can create a fake PHP_VALUE variable and achieve execution of their code.
Source: opennet.ru