This is not really a vulnerability; it is simply how Apache behaves.
Below is an excerpt from Apache's httpd.conf:
<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types
    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php .php3
    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var
    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>
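From the excerpt above, files with a .php or .php3 extension are parsed by PHP.
The file Index.php.a has two extensions, .php and .a. Apache does not recognize .a but does recognize .php, so it hands the file to PHP for parsing.
If the .php extension is removed, the file is not parsed: under the default setting (DefaultType text/plain), a file whose extension is not recognized is sent to the browser as plain text.
As shown in the figure below (the .a extension is not recognized, so the default applies):
If AddType application/x-httpd-php .a is added to httpd.conf, as shown in the figure: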
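Apache identifies file extensions from right to left until it finds an extension that matches a setting in the configuration. index.php.txt will be identified as plain text (text/plain);
index.php.Z will be identified as a compressed file. For Index.php.a, if .a has not been configured and is not defined in mime.types, the file is identified as a .php file and handed to PHP for parsing.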
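The right-to-left lookup described above, modelled as a small audit script that lists file names PHP would parse even though their last extension is not a PHP one. This is an added example, not code from the original post: it follows the page's description of the rule rather than Apache's source, and the `SAMPLE_MIME_TYPES` table, the function names and the sample file names are assumptions made for the illustration.

```python
import re

# Constructed sample: the active AddType lines from the httpd.conf excerpt above.
SAMPLE_CONF = """
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php3
#AddType text/html .shtml
"""
# Constructed stand-in for conf/mime.types (assumption: only the entry used here).
SAMPLE_MIME_TYPES = {"txt": "text/plain"}
DEFAULT_TYPE = "text/plain"            # DefaultType value quoted on the page
PHP_TYPE = "application/x-httpd-php"

def load_addtype(conf_text, base=None):
    """Collect extension -> MIME type from uncommented AddType lines."""
    mapping = dict(base or {})
    for line in conf_text.splitlines():
        m = re.match(r"\s*AddType\s+(\S+)\s+(.+)", line)
        if m:
            for ext in m.group(2).split():
                # Extensions are matched case-insensitively, with or without the dot.
                mapping[ext.lstrip(".").lower()] = m.group(1)
    return mapping

def resolve(filename, mapping):
    """Walk the extensions right to left; return (MIME type, deciding extension)."""
    for ext in reversed(filename.lower().split(".")[1:]):
        if ext in mapping:
            return mapping[ext], ext
    return DEFAULT_TYPE, None          # nothing recognized: default type applies

def hidden_php(filenames, mapping):
    """Names that resolve to PHP although their final extension is not mapped to it."""
    flagged = []
    for name in filenames:
        mime, ext = resolve(name, mapping)
        if mime == PHP_TYPE and not name.lower().endswith("." + ext):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    types = load_addtype(SAMPLE_CONF, SAMPLE_MIME_TYPES)
    for name in ["index.php", "Index.php.a", "index.php.txt", "index.php.Z", "index.a"]:
        print(name, "->", resolve(name, types))
    print("review:", hidden_php(["index.php", "Index.php.a", "index.php.txt"], types))
```

Running `hidden_php` over the names in an upload directory shows which files depend on an unrecognized trailing extension to reach the PHP handler.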
Setting the extension mapping in mime.types: