当前位置:首页 > 报告详情

橙色蔡_混淆攻击利用Apache HTTP服务器中的隐藏语义模糊(预录).pdf

上传人: 张** 编号:175395 2024-09-13 106页 3.98MB

1、Confusion Attacks!Orange TsaiExploiting Hidden Semantic Ambiguity in Apache HTTP ServerUSA 2024Who hasnt heard of Apache HTTP Server before?Apache Httpd in a Nutshell1.Almost 30-year-old open-source project2.CGI enabled by default3.Heavily integrated with PHP101 Ways to Run PHP1.mod_php2.php-fpm3.mo

2、d_fastcgi4.mod_proxy_fcgi5.mod_fcgi6.mod_fcgid7.mod_cgi+php-cli8.mod_cgi+php-cgi9.mod_cgi+spawn-fcgi10.mod_cgi+fcgiwrap11.more?Config Directives are ComplicatedSetHandler handler-name|none|expressionAddHandler handler-name extension extension.AddTypemedia-type extension extension.DefaultTypemedia-ty

3、pe|noneForceTypemedia-type|NoneActionaction-type cgi-script virtualRewriteRulePattern Substitution flagsProxyPasspath !|url key=value key=value.nocanon.FcgidWrappercommand suffix virtualFastCgiServerfilename optionWhich is Correct?AddHandler application/x-httpd-php.phpAddTypeapplication/x-httpd-php.

4、phpBoth are Correct!AddHandler application/x-httpd-php.phpAddTypeapplication/x-httpd-php.phpCorrect doesnt mean SecureAddHandler application/x-httpd-php.phpAddTypeapplication/x-httpd-php.phpAddHandler application/x-httpd-php.phpCorrect doesnt mean SecureAddTypeapplication/x-httpd-php.php1.Almost 30-

5、year-old open-source project2.CGI enabled by default3.Heavily integrate with PHP4.Last but not leastApache Httpd in a NutshellApache Httpd in a Nutshell1.Almost 30-year-old open-source project2.CGI enabled by default3.Heavily integrate with PHP4.Last but not least#1 How to Bypass AuthType Basic Auth

6、Name Admin Panel AuthUserFile/etc/apache2/.htpasswd Require valid-user#2 How to BreakRewriteRule/html/(.*)$/$1.html#3 How to Exploit#!/usr/bin/perluse CGI;my$q=CGI-new;my$redir=$q-param(redir);if($redir&$redir=mhttp:/)print Location:$redirn;print Content-Type:text/htmlnn;XSS only?CRLFInjection inRes

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要介绍了Apache HTTP服务器中的混淆攻击。作者Orange Tsai通过分析Apache HTTP服务器的文件名混淆、文档根混淆和处理器混淆等现象,揭示了Apache HTTP服务器在处理HTTP请求时可能存在的漏洞。文章详细介绍了如何利用这些混淆现象来绕过认证和访问控制,以及如何通过修改HTTP响应头中的内容类型来调用任意处理器,从而实现信息泄露、SSRF等攻击。作者还分享了一些Apache HTTP服务器中的默认本地小工具,以及如何利用这些小工具进行攻击。最后,作者提出了未来工作的方向,包括寻找更多的默认ACL和本地小工具,以及在全球范围内进行漏洞挖掘。
如何利用Apache HTTP服务器的文件名混淆漏洞进行权限绕过? 如何通过修改Content-Type实现任意处理器调用? 如何利用Apache HTTP服务器的文档根目录混淆漏洞进行信息泄露?
客服
商务合作
小程序
服务号
折叠