Comments (4)
Hi @geosphere,
What is the expected behaviour in this case?
from phuip-fpizdam.
The matter is not about termination because of a connection error. Pay attention to the timing. I am confused about the program running for 12 hours with no visible result. I've checked this several times with a similar configuration.
from phuip-fpizdam.
Agree, that's confusing. Sorry I didn't notice the timing first.
Internally, the exploit tries to modify the environment of the php-fpm workers through the bug (and by modifying the environment I mean setting PHP_VALUE options from here: https://github.com/neex/phuip-fpizdam/blob/master/attack.go#L10). It may take a long time as each try succeeds with fairly low probability.
Maybe the exploit should exit with failure if no success is achieved in some fixed number of tries? Or just print the number of requests made?
from phuip-fpizdam.
Maybe both options are useful. Print the number of requests - by default. And for automation - fixed tries from command-line key?
from phuip-fpizdam.