CVE-2019-11043 PHP RCE 复现
这里用的是Docker 镜像
docker pull php:7.2.3-fpm docker pull nginx
然后启动一个php
echo '<?php phpinfo();>' /var/www/html/index.php docker run --name phpfpm -d -v /var/www/html:/app docker.io/php
然后配置然后是Nginx 的配置文件
文件放在/root/nginx.conf
user root root; worker_processes auto; error_log /tmp/nginx_error.log crit; pid /tmp/nginx.pid; worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; multi_accept on; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 512; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 50m; server { listen 80; server_name www.test.cn; index index.html index.htm index.php; root /app; location ~ [^/]\.php(/|$){ fastcgi_split_path_info ^(.+?\.php)(/.*)$; include fastcgi_params; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; fastcgi_param REDIRECT_STATUS 200; fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /app; fastcgi_pass phpfpm:9000; } access_log /tmp/access.log; } }
启动Nginx
docker run --name nginx_server -d -p 8080:80 --link phpfpm:phpfpm -v /root/nginx.conf:/etc/nginx/nginx.conf --volumes-from phpfpm nginx
访问一下测试OK
然后下载工具
https://github.com/neex/phuip-fpizdam:
然后访问
http://your-ip:8080/index.php?a=id