
Network Security: Common Web Middleware Vulnerabilities


1. IIS 6.0 PUT upload

The IIS server has WebDAV enabled under Web Service Extensions and is configured with write permission, which allows arbitrary file upload.

2. IIS 6.0 and IIS 7.0 (IIS 7.5) parsing vulnerabilities

IIS 6.0: for example, an uploaded ASP trojan can bypass the extension check by being named x.asp;.jpg.

IIS 6.0: if we can control the name of the upload folder, the restriction can be bypassed with image.asp/x.jpg, where x.jpg is parsed as ASP.

IIS 7.0 or IIS 7.5: when PHP is invoked through FastCGI and php.ini sets cgi.fix_pathinfo=1, appending a string such as "/x.php" to a URL causes IIS to parse that file as PHP code.

3. IIS short file name disclosure

This vulnerability is actually triggered by the tilde (~) character in an HTTP request. It allows a remote attacker to disclose file and folder names under the web root. An attacker can locate important files that are normally not directly reachable from outside and obtain information about the application's infrastructure.

Principle: IIS's short file name mechanism lets short file names be enumerated by brute force. Requesting a constructed short file name that exists returns 404; requesting one that does not exist returns 400.

4. HTTP.SYS remote code execution (MS15-034), causing a system blue screen or crash

A remote attacker can pass a malicious HTTP request through the IIS 7 service to the HTTP.sys driver; sending such a request leads to remote code execution or an operating system blue screen. Affected: Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2, among others.

5. RCE, CVE-2017-7269, Windows Server 2003 / IIS 6: directly obtains web privileges (applies only to IIS 6.0)

6. Apache multiple-extension parsing vulnerability

If Apache is configured with AddHandler application/x-httpd-php .php (in a distributed configuration file, i.e. .htaccess), then for a file with several extensions, any file that contains a .php extension is recognized as a PHP file; it does not have to be the last extension. This behaviour produces a parsing vulnerability that can bypass an upload whitelist.

7. Apache newline parsing vulnerability (CVE-2017-15715)

Versions 2.4.0 through 2.4.29 contain a parsing flaw: when PHP is handled, a file named 1.php\x0A (with a trailing line feed) is parsed according to the .php extension, which bypasses some servers' security policies.
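The IIS and Apache cases in items 2, 6 and 7 share one root cause: the upload check looks only at the last extension, while the server reads the name differently (stops at ';', treats every dot-separated segment as an extension, or ignores a trailing control character). The validator below is an added example written for this page, not code from the original article. It rejects a name if any character or segment could change how a server in the chain interprets it, and accepts only an allow-listed final extension; the extension sets and the sample names are constructed for the example.

```python
import re
from typing import Tuple

# Extensions a web server might execute if they appear in *any* segment of the
# name (Apache mod_mime reads every segment; IIS 6 stops at ';'). Constructed
# list for this example; extend it to match your own stack.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "asp", "aspx", "asa", "cer", "cdx", "ashx", "asmx",
    "jsp", "jspx", "shtml", "shtm", "stm", "cgi", "pl",
}

# What the application actually wants to accept: an allow list, not a deny list.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def validate_upload_name(name: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a client-supplied file name.

    Each check mirrors one of the parsing quirks described above, so a name is
    refused whenever any server in the chain could treat it as code.
    """
    if not name or len(name) > 128:
        return False, "empty or too long"
    # Control characters: line feed (CVE-2017-15715), NUL (CVE-2013-4547), etc.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return False, "control character in name"
    # Path separators: IIS 6 executes everything under a folder named image.asp/.
    if "/" in name or "\\" in name:
        return False, "path separator in name"
    # IIS 6 stops parsing at ';', so x.asp;.jpg is handled as x.asp.
    if ";" in name:
        return False, "semicolon in name"
    # Only a conservative character set survives; spaces are rejected here too.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        return False, "character outside [A-Za-z0-9._-]"
    segments = name.lower().split(".")
    if len(segments) < 2 or "" in segments:
        return False, "missing extension, empty segment or leading dot"
    # Apache mod_mime treats every segment after the first as an extension, in
    # any order, so shell.php.jpg is still PHP: check all of them, not the last.
    for seg in segments[1:]:
        if seg in EXECUTABLE_EXTENSIONS:
            return False, f"executable extension segment '.{seg}'"
    if segments[-1] not in ALLOWED_EXTENSIONS:
        return False, f"final extension '.{segments[-1]}' not in allow list"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample names, one per quirk discussed above.
    for candidate in ["photo.jpg", "x.asp;.jpg", "shell.php.jpg", "1.php\n",
                      "1.gif \x00.php", "image.asp/x.jpg", "report.final.pdf"]:
        ok, reason = validate_upload_name(candidate)
        print(f"{candidate!r:20} -> {'accept' if ok else 'reject'} ({reason})")
```

Name validation is only the first layer: store accepted files under a server-generated name, and serve the upload directory from a location that has no script handler at all, so that a server-side parsing quirk cannot turn a stored file into code even if a check is bypassed.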

8. Apache SSI remote command execution vulnerability

When the target server has SSI and CGI support enabled, we can upload an .shtml file and use the <!--#exec cmd="id" --> syntax to execute commands. HTML files that use SSI have their own extensions: SSI (Server Side Include), usually called "server-side embedding" or "server-side include", is a server-based web page technology similar to ASP. The default extensions are .stm, .shtm and .shtml.

9. JBoss 5.x/6.x deserialization vulnerability reproduction (CVE-2017-12149)

This vulnerability is a Java deserialization flaw located in the ReadOnlyAccessFilter of JBoss's HttpInvoker component. The filter tries to deserialize the data stream coming from the client without performing any security check, which causes the vulnerability.

Affected: JBoss 5.x and JBoss 6.x

Detection: if /invoker/readonly returns HTTP status 500, the vulnerability may exist.

Exploitation: Jboss反序列化_CVE-2017-12149.jar

Fix: upgrade the version, or, if the http-invoker.sar component is not needed, delete it.

Download: https://github.com/yunxu1/jboss-_CVE-2017-12149

9.1 JBoss JMXInvokerServlet deserialization vulnerability

Affected: JBoss 4.x

Detection: if visiting /invoker/JMXInvokerServlet prompts a file download, the vulnerability may exist.

Exploitation: Jboss反序列化_CVE-2017-12149.jar

Fix: upgrade the version.

9.2 Case 2: JBoss weak passwords, 4.x, 5.x and 6.x

In JBoss 4.x and earlier, the console management paths are /jmx-console/ and /web-console/; passwords are stored in /opt/jboss/jboss4/server/default/conf/props/jmx-console-users.properties.

From JBoss 5.x, web-console is deprecated and admin-console is added; in JBoss 5.x/6.x the console paths are /jmx-console/ and /admin-console/, and passwords are stored in jboss/server/default/conf/props/jmx-console-users.properties.

9.3 JBoss 4.x weak password: deploying a WAR package through the management console to get a shell

Start the CVE-2017-7504 environment; weak credentials: admin/admin

a. Visit /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment:type=DeploymentScanner,flavor=URL

b. Build a WAR package and host it on your own server: http://test.xiaodi8.com/one.war

c. Find void addURL, enter the remote WAR package URL in ParamValue and click invoke

d. After the success message, visit /one/one.jsp to trigger the backdoor

9.4 JBoss 5.x/6.x weak password: deploying a WAR package through the management console to get a shell

Start the CVE-2017-12149 environment; weak credentials: admin/vulhub

a. Applications -> Web Applications -> Add a new resource

b. Build a WAR package, upload it and confirm

c. After confirming the addition, visit /one/one.jsp to trigger the backdoor

9.5 Nginx parsing vulnerability

Because of the nginx.conf configuration, nginx hands every request whose name ends in '.php' to FastCGI for processing.

9.6 Nginx file name logic vulnerability (CVE-2013-4547):

When CVE-2013-4547 is present, requesting `1.gif[0x20][0x00].php` makes the URI match the regex `\.php$`, so it enters that location block; once inside, however, nginx wrongly concludes that the requested file is `1.gif[0x20]` and sends that as the value of `SCRIPT_FILENAME` to FastCGI.

Affected versions: Nginx 0.8.41 ~ 1.4.3 / 1.5.0 ~ 1.5.7
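Items 2 (cgi.fix_pathinfo under FastCGI), 6 (AddHandler), 8 (SSI) and 9.5/9.6 (nginx handing every `.php` URI to FastCGI) all come down to web server and PHP configuration that can be checked mechanically. The auditor below is an added example and not part of the original article: it scans a php.ini fragment, an nginx server block and an httpd/.htaccess fragment for the weak settings named above and reports each one. The sample configuration strings are constructed; the directive names it looks for (cgi.fix_pathinfo, try_files, AddHandler, Options Includes/IncludesNOEXEC) are real.

```python
import re
from typing import List


def audit_php_ini(text: str) -> List[str]:
    """Flag cgi.fix_pathinfo left at 1 (also PHP's default when the key is absent)."""
    value = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a php.ini comment
        m = re.match(r"cgi\.fix_pathinfo\s*=\s*(\S+)", line)
        if m:
            value = m.group(1).strip('"')
    if value is None:
        return ["php.ini: cgi.fix_pathinfo is not set, so PHP uses its default of 1"]
    if value.lower() not in ("0", "off", "false"):
        return [f"php.ini: cgi.fix_pathinfo={value}; set it to 0 so /x.jpg/y.php is not run as x.jpg"]
    return []


def _block_body(text: str, brace: int) -> str:
    """Text between the '{' at index `brace` and its matching '}'."""
    depth = 0
    for i in range(brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[brace + 1:i]
    return text[brace + 1:]


def audit_nginx(text: str) -> List[str]:
    """Flag regex PHP locations that hand any matching URI to FastCGI without
    first checking that the file exists (try_files $uri =404)."""
    findings = []
    for m in re.finditer(r"location\s+~\s*(\S+)\s*\{", text):
        if ".php" not in m.group(1):
            continue
        header = m.group(0)[:-1].strip()
        body = _block_body(text, m.end() - 1)
        if not re.search(r"try_files\s+\$uri\s+=404\s*;", body):
            findings.append(f"nginx: '{header}' lacks 'try_files $uri =404;' before fastcgi_pass")
    return findings


def audit_httpd(text: str) -> List[str]:
    """Flag AddHandler-based PHP mapping and SSI exec in httpd.conf or .htaccess."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"AddHandler\s+application/x-httpd-php\b", line, re.I):
            findings.append("httpd: AddHandler matches .php in any position of a multi-extension "
                            "name; use <FilesMatch \"\\.php$\"> with SetHandler instead")
        m = re.match(r"Options\s+(.+)", line, re.I)
        if m and any(o.lower() in ("includes", "+includes") for o in m.group(1).split()):
            findings.append("httpd: 'Options Includes' permits SSI #exec; use IncludesNOEXEC or disable SSI")
    return findings


# Constructed sample fragments showing the weak settings and one corrected block.
SAMPLE_PHP_INI = "; constructed sample\ncgi.fix_pathinfo=1\n"

SAMPLE_NGINX_WEAK = r"""
server {
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
"""

SAMPLE_NGINX_FIXED = r"""
server {
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
    }
}
"""

SAMPLE_HTACCESS = "AddHandler application/x-httpd-php .php\nOptions +Includes\n"


def run_audit() -> List[str]:
    """Audit every constructed sample and return all findings in one list."""
    return (audit_php_ini(SAMPLE_PHP_INI) + audit_nginx(SAMPLE_NGINX_WEAK)
            + audit_nginx(SAMPLE_NGINX_FIXED) + audit_httpd(SAMPLE_HTACCESS))


if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

`try_files $uri =404` makes nginx refuse a request whose exact path does not exist before anything reaches FastCGI, which closes the PATH_INFO style of item 9.5; CVE-2013-4547 itself is a bug in nginx and is only fixed by upgrading past the affected versions listed above.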

9.7 Tomcat configuration: weak password and brute force:

Tomcat has a management back end; the account and password are set in conf/tomcat-users.xml.

Possible security problem: weak password or brute-force guessing.

9.8 Tomcat PUT method arbitrary file write vulnerability:

The essence of the vulnerability is that Tomcat is configured writable (readonly=false), which allows files to be written to the server.
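Several of the items above leave a recognizable trace in the access log: the WebDAV and Tomcat PUT writes (items 1 and 9.8) show up as a PUT of a script file answered with 201 or 204, the JBoss invoker endpoints (items 9 and 9.1) as requests to /invoker/readonly or /invoker/JMXInvokerServlet, and the IIS short-name oracle (item 3) as a burst of tilde requests answered only with 400 and 404. The detector below is an added example, not code from the original article; it parses Common Log Format lines (IIS W3C logs have different fields and would need their own field mapping), applies those three rules and returns alerts. The log lines are constructed, and the threshold of five tilde requests is an assumption to tune per site.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

INVOKER_RE = re.compile(r"^/invoker/(readonly|JMXInvokerServlet)\b")
SHORTNAME_RE = re.compile(r"~\d")                       # 8.3 names look like PROGRA~1
SCRIPT_EXT_RE = re.compile(r"\.(jspx?|aspx?|php\d?|phtml|shtml|shtm|stm)$", re.I)
SHORTNAME_THRESHOLD = 5                                 # assumption: tune per site


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one CLF line into its fields, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines) -> List[Tuple[str, str, str]]:
    """Return (rule, client_ip, detail) alerts for the indicators described on this page."""
    alerts: List[Tuple[str, str, str]] = []
    tilde: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, method, path, status = rec["ip"], rec["method"], rec["path"], rec["status"]
        # Items 1 and 9.8: a PUT that created a script file on the server.
        if method == "PUT" and SCRIPT_EXT_RE.search(path) and status in ("201", "204"):
            alerts.append(("put-script-write", ip, f"{method} {path} -> {status}"))
        # Items 9 and 9.1: any traffic to the JBoss HttpInvoker endpoints.
        if INVOKER_RE.match(path):
            alerts.append(("jboss-invoker-access", ip, f"{method} {path} -> {status}"))
        # Item 3: count tilde requests per client that were answered 400 or 404.
        if SHORTNAME_RE.search(path) and status in ("400", "404"):
            tilde[ip][status] += 1
    for ip, counts in tilde.items():
        total = counts["400"] + counts["404"]
        if total >= SHORTNAME_THRESHOLD:
            alerts.append(("iis-shortname-enum", ip,
                           f"{total} tilde requests (400={counts['400']}, 404={counts['404']})"))
    return alerts


# Constructed sample log: one benign client, one short-name scan, one PUT, two invoker hits.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jul/2021:09:14:00 +0800] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [30/Jul/2021:09:14:01 +0800] "GET /a~1/ HTTP/1.1" 404 0
203.0.113.7 - - [30/Jul/2021:09:14:01 +0800] "GET /b~1/ HTTP/1.1" 400 0
203.0.113.7 - - [30/Jul/2021:09:14:02 +0800] "GET /c~1/ HTTP/1.1" 400 0
203.0.113.7 - - [30/Jul/2021:09:14:02 +0800] "GET /d~1/ HTTP/1.1" 400 0
203.0.113.7 - - [30/Jul/2021:09:14:03 +0800] "GET /e~1/ HTTP/1.1" 404 0
203.0.113.7 - - [30/Jul/2021:09:14:03 +0800] "GET /f~1/ HTTP/1.1" 400 0
203.0.113.9 - - [30/Jul/2021:09:15:10 +0800] "PUT /uploads/test.jsp HTTP/1.1" 201 0
203.0.113.9 - - [30/Jul/2021:09:15:12 +0800] "POST /invoker/readonly HTTP/1.1" 500 1204
198.51.100.4 - - [30/Jul/2021:09:16:00 +0800] "GET /invoker/JMXInvokerServlet HTTP/1.1" 200 3400
10.0.0.5 - - [30/Jul/2021:09:16:05 +0800] "PUT /api/items/7 HTTP/1.1" 204 0
"""


if __name__ == "__main__":
    for rule, ip, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"{rule:22} {ip:14} {detail}")
```

The last sample line shows why the PUT rule keys on the extension and the status: a REST API that updates a resource with PUT is routine, while a PUT that creates a .jsp or .asp file on a server that should have `readonly` left at its default is not.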

9.9 Tomcat AJP arbitrary file read/inclusion vulnerability:

Because of a flaw in the Tomcat AJP protocol, an attacker can read or include any file in Tomcat's webapp directory. For example, an attacker can read webapp configuration files or source code. Moreover, if the target web application has a file upload function, the attacker can use the Ghostcat vulnerability's file inclusion to execute malicious code on the target host.

Affected versions: Tomcat 6

Tomcat 7 series < 7.0.100

Tomcat 8 series < 8.5.51

Tomcat 9 series < 9.0.31
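The JBoss and Tomcat items 9.2, 9.7 and 9.9 are all about the management surface: which accounts guard the consoles, how strong their passwords are, and whether the AJP connector is reachable. The script below is an added example and not part of the original article. It audits the three files named on this page, jmx-console-users.properties (one user=password per line), conf/tomcat-users.xml and conf/server.xml, and reports weak console credentials and AJP connectors that are not bound to loopback or carry no shared secret. The sample file contents and the weak-password list are constructed; the attribute names it checks (address, secret, and the older requiredSecret on the AJP Connector) are Tomcat's own.

```python
import xml.etree.ElementTree as ET
from typing import List

# Defaults and lab passwords (constructed list; extend it with your own history).
WEAK_PASSWORDS = {"", "admin", "jboss", "tomcat", "password", "123456", "vulhub", "s3cret"}
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}


def _is_weak(user: str, password: str) -> bool:
    p = password.lower()
    return p in WEAK_PASSWORDS or p == user.lower() or len(password) < 12


def _local(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree adds when a file declares xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_jmx_console_users(text: str) -> List[str]:
    """jmx-console-users.properties: one 'user=password' per line (item 9.2)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, _, password = line.partition("=")
        if _is_weak(user.strip(), password.strip()):
            findings.append(f"jmx-console: user '{user.strip()}' has a weak or default password")
    return findings


def audit_tomcat_users(xml_text: str) -> List[str]:
    """conf/tomcat-users.xml: privileged roles guarded by weak passwords (item 9.7)."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "user":
            continue
        user = el.get("username") or el.get("name") or ""
        roles = {r.strip() for r in el.get("roles", "").split(",")} & PRIVILEGED_ROLES
        if roles and _is_weak(user, el.get("password", "")):
            findings.append(f"tomcat-users: '{user}' holds {sorted(roles)} with a weak password")
    return findings


def audit_ajp_connectors(server_xml: str) -> List[str]:
    """conf/server.xml: an AJP connector reachable without a secret is the Ghostcat
    exposure (item 9.9). Newer Tomcat uses secret/secretRequired, older requiredSecret."""
    findings = []
    for el in ET.fromstring(server_xml).iter():
        if _local(el.tag) != "Connector" or "AJP" not in el.get("protocol", ""):
            continue
        port = el.get("port", "?")
        address = el.get("address") or "all interfaces"
        if address not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"AJP connector on port {port} listens on {address}; "
                            "bind it to loopback or remove the connector")
        if not (el.get("secret") or el.get("requiredSecret")):
            findings.append(f"AJP connector on port {port} has no shared secret configured")
    return findings


# Constructed samples; admin/admin and tomcat/tomcat mirror the defaults named above.
SAMPLE_JMX_USERS = "# constructed sample\nadmin=admin\nops=Xk9-pLq2vR7-mZ4t\n"

SAMPLE_TOMCAT_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="Long-Random-Passphrase-42" roles="manager-script"/>
  <user username="reader" password="reader" roles="reporting"/>
</tomcat-users>
"""

SAMPLE_SERVER_XML = """<Server port="8005">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>
"""


def run_audit() -> List[str]:
    """Audit all three constructed samples and return every finding."""
    return (audit_jmx_console_users(SAMPLE_JMX_USERS) + audit_tomcat_users(SAMPLE_TOMCAT_USERS)
            + audit_ajp_connectors(SAMPLE_SERVER_XML))


if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

The sample server.xml is the shape of the AJP connector that the Tomcat versions listed above shipped by default: no address, no secret, port 8009 on every interface. Running the audit on it produces two findings; a connector with address="127.0.0.1" and a secret produces none. The same pass over the user files reports only the default admin/admin and tomcat/tomcat pairs, not the long passphrases or the unprivileged reader account.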

