インフラエンジニアã¨ã—ã¦ã‚ˆã使ã†ã‚³ãƒžãƒ³ãƒ‰é›† - QiitaDeleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article?
BASHã®è„†å¼±æ€§ã§CGIモードã§å‹•ã„ã¦ã‚‹PHPã«ã‚¢ãƒ¬ã•ã›ã¦ã¿ã¾ã—㟠- dogmap.jp
タイトルã¯ãƒ‘クリ 元記事: BASHã®è„†å¼±æ€§ã§CGIスクリプトã«ã‚¢ãƒ¬ã•ã›ã¦ã¿ã¾ã—㟠– ブãƒã‚° – ãƒ¯ãƒ«ãƒ–ãƒªãƒƒã‚¯ã‚¹æ ªå¼ä¼šç¤¾ sakura ã®ãƒ¬ãƒ³ã‚¿ãƒ«ã‚µãƒ¼ãƒãŒ cgi モード㧠php å‹•ã‹ã—ã¦ã‚‹ã‚ˆãªãƒ¼ã¨æ€ã£ã¦ãƒ†ã‚¹ãƒˆã—ã¦ã¿ãŸã‚‰ã§ãã¾ã—ãŸã€‚ # テストスクリプトã¯å‰Šé™¤æ¸ˆã¿ã§ã™ã€‚ test.php test.sh #!/usr/local/bin/bash echo "Content-type: text/plain" echo echo "Hi! I'm an ordinary CGI script which is executed by /usr/local/bin/bash" çµæžœ : Apache CGI版 PHP $ curl -A '() { :;}; echo Content-type:text/plain;echo;/bin/cat test.php' http://wokam
Blog: bashã®è„†å¼±æ€§ãŒãƒ¤ãƒã™ãŽã‚‹ä»¶ – x86-64.jp - ãã‚Šã™ç ”
Browse by time: December 2018 (1) December 2016 (1) December 2015 (1) January 2015 (1) September 2014 (2) July 2014 (2) April 2014 (1) February 2014 (1) January 2014 (3) December 2013 (2) September 2013 (3) June 2013 (1) May 2013 (1) April 2013 (1) March 2013 (2) February 2013 (5) ã‚„ã£ã¨æ›´æ–°ã™ã‚‹æ°—ã«ãªã£ãŸã€‚ ã‚‚ã㘠0. 産æ¥ã§èª¬æ˜Ž 1. ç†è«–ç·¨ 2. 攻撃編 3. パッム4. çµè«– 0. 産æ¥ã§èª¬æ˜Ž bash㌠アホ㧠地çƒãŒãƒ¤ãƒã‚¤ 1. ç†è«–ç·¨ bashã®é–¢æ•°æ©Ÿèƒ½ã¯ã€ç’°å¢ƒå¤‰æ•°ã®ä¸ã§ã‚‚使ãˆã‚‹ä»•æ§˜ã«ãªã£ã¦ã„ã¾ã™
shellshock - What does env x='() { :;}; command' bash do and why is it insecure? - Unix & Linux Stack Exchange
There is apparently a vulnerability (CVE-2014-6271) in bash: Bash specially crafted environment variables code injection attack I am trying to figure out what is happening, but I'm not entirely sure I understand it. How can the echo be executed as it is in single quotes? $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test EDIT 1: A patched system looks like
1
ランã‚ング
ランã‚ング
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}