nginx CVE-2013-4547

freetimex · Aug 28, 2017 · 23374fd · 23374fd
1 parent 729e5c9
commit 23374fd
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 0 deletions.
diff --git a/nginx/CVE-2013-4547/docker-compose.yml b/nginx/CVE-2013-4547/docker-compose.yml
@@ -0,0 +1,11 @@
+version: '2'
+services:
+ nginx:
+   image: vulhub/nginx:1.4.2
+   volumes:
+    - ./nginx.conf:/usr/local/nginx/conf/nginx.conf
+   ports:
+    - "8080:80"
+ php:
+   build: ./php-fpm/
+
diff --git a/nginx/CVE-2013-4547/nginx.conf b/nginx/CVE-2013-4547/nginx.conf
@@ -0,0 +1,33 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        listen       80;
+        server_name  localhost;
+        root   html;
+        index  index.html index.htm index.php;
+
+        charset utf-8;
+
+        location ~ \.php$ {
+           root           html;
+           include        fastcgi_params;
+
+           fastcgi_pass   php:9000;
+           fastcgi_index  index.php;
+           fastcgi_param  SCRIPT_FILENAME  /var/www/html$fastcgi_script_name;
+           fastcgi_param  DOCUMENT_ROOT /var/www/html;
+        }
+    }
+}
diff --git a/nginx/CVE-2013-4547/php-fpm/Dockerfile b/nginx/CVE-2013-4547/php-fpm/Dockerfile
@@ -0,0 +1,10 @@
+FROM vulhub/php:5-fpm
+
+MAINTAINER phithon <[email protected]>
+
+RUN rm -rf /var/www/html/* \
+    && mkdir -p /var/www/html/uploadfiles \
+    && chmod 777 /var/www/html/uploadfiles
+
+COPY www.conf /usr/local/etc/php-fpm.d/www-2.conf
+COPY index.php /var/www/html/
diff --git a/nginx/CVE-2013-4547/php-fpm/index.php b/nginx/CVE-2013-4547/php-fpm/index.php
@@ -0,0 +1,33 @@
+<?php
+if (!empty($_FILES)):
+
+// Check for errors
+if($_FILES['file_upload']['error'] > 0){
+    die('An error ocurred when uploading.');
+}
+
+// Check filesize
+if(!is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
+    die('File is not uploaded file');
+}
+
+$ext = pathinfo($_FILES['file_upload']['name'], PATHINFO_EXTENSION);
+if (empty($ext) || !in_array($ext, ['php', 'php3', 'php5', 'phtml'])) {
+    die('Unsupported filetype uploaded.');
+}
+
+$new_name = __DIR__ . '/uploadfiles/' . $_FILES['file_upload']['name'];
+if(!move_uploaded_file($_FILES['file_upload']['tmp_name'], $new_name)){
+    die('Error uploading file - check destination is writeable.');
+}
+
+die('File uploaded successfully: ' . $new_name);
+
+else:
+?>
+<form method="post" enctype="multipart/form-data">
+    File: <input type="file" name="file_upload">
+    <input type="submit">
+</form>
+<?php
+endif;
diff --git a/nginx/CVE-2013-4547/php-fpm/www.conf b/nginx/CVE-2013-4547/php-fpm/www.conf
@@ -0,0 +1,2 @@
+[www]
+security.limit_extensions =