rescue ::Interrupt
raise $!
rescue ::Rex::HostUnreachable, ::Rex::ConnectionRefused
print_error("The target service unreachable")
rescue ::OpenSSL::SSL::SSLError
print_error("The target failed to negotiate SSL, is this really an SSL service?")
end
end
def rand_php_ini_false
[ "0", "off", "false" ].sort_by{rand}.first
end
def rand_php_ini_true
[ "1", "on", "true" ].sort_by{rand}.first
end
end
建议:
--------------------------------------------------------------------------------
临时解决方法:
使用RewriteRule来过滤请求:
RewriteRule规则如下
RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
厂商补丁:
PHP
---
目前厂商已经发布了5.3.12及5.4.2两个最新版本,但有报告说并没有正确修复这个安全问题,请密切关注厂商网站下载最新版本: