Skip to content
Branch: master
Find file History
ldqsmile and phith0n Translate/uwsgi (#90)
* Update and rename README.md to README.zh-cn.md

* Create README.md

* Rename README.md to README.zh-cn.md

* Create README.md

* Update README.md
Latest commit b227b2b Dec 18, 2018
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
files change nginx port Dec 6, 2018
1.png
2.png add manual Dec 6, 2018
README.md Translate/uwsgi (#90) Dec 18, 2018
README.zh-cn.md Translate/uwsgi (#90) Dec 18, 2018
docker-compose.yml use alpine nginx instead of debian nginx Dec 6, 2018
poc.py add poc Dec 6, 2018

README.md

uWSGI Unauthorized Access Vulnerability

中文版本(Chinese version)

uWSGI is a web application server, which implements protocols such as WSGI/uwsgi/http, and supports for various languages through plugins. More than an application name, uwsgi is also an exchange standard between the front-end server and the back-end application container, just like Fastcgi.

uWSGI allows configuring back-end web application dynamically through Magic Variables. If the port is exposed, attackers can construct uwsgi packets and specify the magic variable UWSGI_FILE, so as to execute arbitrary commands by applying exec:// protocol.

Reference links:

Environment Setup

Enter the following command:

docker-compose up -d

http://your-ip:8080 is a web application and its uwsgi is exposed to 8000 port.

POC

Using poc.py,you can run the command python poc.py -u your-ip:8000 -c "touch /tmp/success"

Entering the container through docker-compose exec web bash ,you'll see /tmp/success creating successfully:

You can’t perform that action at this time.