Summary
/files is aliased to /home/. Because the prefix in "location /files" has no trailing slash while "alias /home/" does, nginx replaces the matched prefix /files with /home/ and appends whatever follows. A request for http://192.168.137.113:32000/files../ is therefore served from /home/../ on disk, i.e. the filesystem root, which is a directory traversal out of /home.
Environment setup, deployed with kubectl (Kubernetes)
Image: nginx:1.16.1
apiVersion: v1
kind: PersistentVolume
metadata:
  name: task-pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/root/lesson-03/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: task-pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
    - protocol: "TCP"
      port: 801
      targetPort: 80
      nodePort: 32000
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-1-11-3
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      volumes:
        - name: task-pv-storage
          persistentVolumeClaim:
            claimName: task-pv-claim
      containers:
        - name: nginx
          image: nginx:1.16.1
          ports:
            - containerPort: 80
          volumeMounts:
            - mountPath: "/etc/nginx/conf.d"
              name: task-pv-storage
Nginx config (a .conf file placed in the hostPath directory /root/lesson-03/data, which the Deployment mounts at /etc/nginx/conf.d; since the mount hides the image's default.conf, that file must contain a server block wrapping this location):
location /files {
    autoindex on;
    alias /home/;
}
Reproduce
Requesting http://192.168.137.113:32000/files/ works as expected and lists /home/. Requesting http://192.168.137.113:32000/files../ triggers the traversal: nginx serves /home/../, i.e. the container's root directory, and autoindex lists it.
Fix
Give the location prefix a trailing slash, i.e. /files/ :
location /files/ {
    autoindex on;
    alias /home/;
}
A request for http://192.168.137.113:32000/files../ now returns 404: "files.." does not match the prefix /files/, so the request never reaches this location and falls through to the server's default location and root. Note that after the change a bare /files (without the trailing slash) no longer matches this location either.
Reference: http://www.taodudu.cc/news/show-5904445.html