mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 06:00:40 +00:00
GitBook: [master] one page modified
parent
650cee2e50
commit
47cae5fddd
1 changed files with 4 additions and 0 deletions
|
@ -21,6 +21,10 @@ For example, when the CGI script http://mysitename.com/**cgi-bin/file.pl** is ac
|
|||
|
||||
The need to develop FastCGI is that Web was arisen by applications' rapid development and complexity, as well to address the scalability shortcomings of CGI technology. To meet those requirements [Open Market](http://en.wikipedia.org/wiki/Open_Market) introduced **FastCGI – a high performance version of the CGI technology with enhanced capabilities.**
|
||||
|
||||
## RCE \(7.\[123\].x\)
|
||||
|
||||
This [**metasploit module**](https://www.rapid7.com/db/modules/exploit/multi/http/php_fpm_rce/) exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of **PHP-FPM on Nginx**.
|
||||
|
||||
## disable\_functions bypass
|
||||
|
||||
It's possible to run PHP code abusing the FastCGI and avoiding the `disable_functions` limitations.
|
||||
|
|
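Review bot: the heading `## RCE \(7.\[123\].x\)` does not name the affected component and reads as covering every 7.1 to 7.3 release, while the paragraph under it limits the issue to PHP-FPM on Nginx in 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11. Suggest naming PHP-FPM in the heading and giving the fixed versions (7.1.33, 7.2.24, 7.3.11) there, so a reader checking a server's patch level is not misled by the heading alone. The paragraph links only to the Metasploit module; a link to the upstream advisory for the underflow next to it would let readers verify the version bounds.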