Skip to content

Commit

Permalink
add handbook
Browse files Browse the repository at this point in the history
  • Loading branch information
@phith0n
phith0n committed Jul 4, 2017
1 parent a4afbb8 commit be90851
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
Binary file added ffmpeg/CVE-2016-1897/01.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
22 changes: 22 additions & 0 deletions ffmpeg/CVE-2016-1897/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# ffmpeg 任意文件读取漏洞/SSRF漏洞 (CVE-2016-1897/CVE-2016-1898)

运行环境:

```
docker-compose build
docker-compose up -d
```

## 原理

- http://xdxd.love/2016/01/18/ffmpeg-SSRF%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
- http://blog.neargle.com/SecNewsBak/drops/CVE-2016-1897.8%20-%20FFMpeg%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.html
- http://habrahabr.ru/company/mailru/blog/274855/

## 测试过程

详见参考文章,不再赘述。

成功读取文件:

![](01.png)

0 comments on commit be90851

Please sign in to comment.