Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-7490 PoC — uWSGI 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-7490.yaml
Associated Vulnerability
Title:uWSGI 路径遍历漏洞 (CVE-2018-7490)
Description:uWSGI是一款Web应用程序服务器,它实现了WSGI、uwsgi和http等协议。 uWSGI 2.0.17之前版本中存在路径遍历漏洞,该漏洞源于程序没有正确的处理DOCUMENT_ROOT检测。攻击者可通过发送带有‘..’序列的特制URL请求利用该漏洞查看系统上的任意文件。
Description
uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.
File Snapshot

 id: CVE-2018-7490

info:
  name: uWSGI PHP Plugin Local File Inclusion
  author: madrobot
  severity

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.