
Linux commands: creating a snapshot with dmsetup

 牵牛吃草 2016-08-04

########################################################################
# This document provides information that can be used to help secure a
# server against this vulnerability. Do not use what you learn here to
# test, check or attack a server without permission from its owner.
########################################################################

HTTPoxy - Apache CGI Vulnerability

Refs:
https:///
https://tools./html/rfc3875
https://www./my_url/en/alert/16071901
https://www./security/asf-httpoxy-response.txt
https://www./blog/mitigating-the-httpoxy-vulnerability-with-nginx/

Testing Environment:
  OS Version:     CentOS release 6.8 (Final)
  Apache Version: 2.2.15 (CentOS)

Apache cgi-bin configuration (/etc/httpd/conf/httpd.conf):
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
AddHandler cgi-script .cgi .sh .pl

For testing, I created a simple test CGI file using bash shell commands:
# vi /var/www/cgi-bin/httpoxy.sh
------------------------------------------------------------------------
#!/bin/sh
echo "Content-type: text/html"
echo ""   # blank line terminates the CGI response headers (RFC 3875)
echo "<html>"
echo "<body>"
echo "HTTP_PROXY: $HTTP_PROXY"
echo "</body>"
echo "</html>"
------------------------------------------------------------------------

Set execute permission on the CGI script file:
# chmod 755 /var/www/cgi-bin/httpoxy.sh

Then access this CGI file with the curl command and watch the response:
$ curl http://10.10.0.6/cgi-bin/httpoxy.sh
<html>
<body>
HTTP_PROXY:
</body>
</html>


If I include an extra header in the request:
$ curl -H "Proxy:hacker_server:port" http://10.10.0.6/cgi-bin/httpoxy.sh
<html>
<body>
HTTP_PROXY: hacker_server:port
</body>
</html>


As you can see, the CGI environment variable has been changed!


Open this CGI file in a browser; you should see:

(pic:httpoxy-apache-cgi-bash-1.jpg)


Try modifying the header:

(pic:httpoxy-apache-cgi-bash-2.jpg)



How to fix?

Ref: https://www./security/asf-httpoxy-response.txt

# vi /etc/httpd/conf/httpd.conf
LoadModule headers_module modules/mod_headers.so
RequestHeader unset Proxy early

Note: with the two lines above enabled in httpd.conf, Apache removes the "Proxy:" header from every incoming request before any further processing, so this mitigates httpoxy across all of the Apache CGI mechanisms, including PHP (FastCGI/CGI), Perl CGI scripts, bash shell CGI scripts, and so on.
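The mechanism behind the curl test above, and what the `RequestHeader unset Proxy early` fix changes, as an added example (not Apache's code and not part of the original post): a small model of the RFC 3875 rule that turns request headers into HTTP_* meta-variables, run over a constructed raw request carrying the same `Proxy:` header as the curl test. The `strip_proxy` step stands in for mod_headers removing the header before the CGI environment is built.

```python
"""Model of the RFC 3875 header-to-environment mapping that makes a
client-supplied "Proxy" header land in HTTP_PROXY, plus the mitigation
of dropping that header before the CGI environment is built.
Example code added for illustration; not Apache's implementation."""

# Constructed raw request, as `curl -H "Proxy:hacker_server:port"` sends it.
RAW_REQUEST = (
    b"GET /cgi-bin/httpoxy.sh HTTP/1.1\r\n"
    b"Host: 10.10.0.6\r\n"
    b"User-Agent: curl/7.29.0\r\n"
    b"Proxy: hacker_server:port\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)


def parse_headers(raw):
    """Return the request headers as a list of (name, value) pairs."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # skip the request line
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def cgi_meta_variables(headers):
    """RFC 3875 4.1.18: HTTP_ + upper-cased header name, '-' becomes '_'.
    Content-Type/Content-Length have dedicated variables and are skipped."""
    env = {}
    for name, value in headers:
        if name.lower() in ("content-type", "content-length"):
            continue
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def strip_proxy(headers):
    """Mitigation: drop the Proxy header (case-insensitively) before the
    environment is built, as `RequestHeader unset Proxy early` does."""
    return [(n, v) for n, v in headers if n.lower() != "proxy"]


def outbound_proxy(env):
    """What a proxy-aware HTTP client inside the CGI process would pick up:
    it reads HTTP_PROXY and cannot tell it came from a request header."""
    return env.get("HTTP_PROXY", "")


if __name__ == "__main__":
    hdrs = parse_headers(RAW_REQUEST)
    print("unmitigated:", outbound_proxy(cgi_meta_variables(hdrs)))
    print("mitigated:  ", outbound_proxy(cgi_meta_variables(strip_proxy(hdrs))))
```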

Ref: https:///#fix-now
Example of using this in .htaccess files:
<IfModule mod_headers.c>
   RequestHeader unset Proxy
</IfModule>


# /etc/init.d/httpd restart

Then try again to include the extra header with the curl command:
$ curl -H "Proxy:hacker_server:port" http://10.10.0.6/cgi-bin/httpoxy.sh
<html>
<body>
HTTP_PROXY:
</body>
</html>

You should see that the HTTP_PROXY variable is empty now!
