Шаги для воспроизведения: создать bash-скрипт, который запускается через FastCGI из NGINX, и вызвать его без параметров в строке запроса URL.
Блок location в конфигурации Nginx:
# Hands every request whose URI ends in .cgi, .py, .sh, .pl or .lua to the
# FastCGI backend listening on the fcgiwrap Unix socket.
# NOTE(review): any file under the document root with one of these extensions
# is treated as a program to run; keep upload/writable directories out of the
# document root or exclude them from this location.
location ~ (\.cgi|\.py|\.sh|\.pl|\.lua)$ {
gzip off;
# NOTE(review): autoindex turns on generated directory listings. Requests in
# this location are answered by fastcgi_pass, so it is probably unnecessary
# here - confirm and remove it if unused.
autoindex on;
# Forward the request to the backend on this Unix socket.
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Pulls in the FastCGI parameter definitions from this file (contents not shown here).
include /etc/nginx/fastcgi_params;
# Script path given to the backend: document root + script name taken from the URI.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Начало скрипта Bash:
# Splits the CGI QUERY_STRING on '&' into the positional parameters and keeps
# a joined copy of them in Args.
# Save the old internal field separator.
OIFS="$IFS"
# Set the field separator to & and parse the QUERY_STRING at the ampersand.
IFS="${IFS}&"
# NOTE(review): the expansion is unquoted and there is no "--". When
# QUERY_STRING is empty or unset it expands to nothing, so this line becomes a
# bare `set`, which prints every shell variable to stdout. Under CGI, stdout is
# the HTTP response, so the whole environment (cookies, paths, server details)
# is disclosed to the client - this is the output reported below.
# `set -- $QUERY_STRING` only clears the positional parameters in that case and
# also keeps a value starting with '-' from being parsed as shell options.
# The unquoted expansion is additionally subject to pathname expansion;
# `set -f` before the split disables it.
set $QUERY_STRING
# "$*" joins the positional parameters with the first character of IFS
# (a space when IFS had its default value before the '&' was appended).
Args="$*"
# Restore the separator saved above.
IFS="$OIFS"
Ожидаемый результат: пустой вывод
Фактический вывод:
Обратите внимание: вывод был очищен (значения переменных скрыты)
BASH = /bin/bash
BASHOPTS = ""
BASH_ALIASES = ""
BASH_ARGC = ""
BASH_ARGV = ""
BASH_CMDS = ""
BASH_LINENO = ""
BASH_SOURCE = ""
BASH_VERSINFO = ""
BASH_VERSION = ""
CONTENT_LENGTH = ""
CONTENT_TYPE = ""
DAEMON_OPTS = ""
DIRSTACK = ""
DOCUMENT_ROOT = ""
DOCUMENT_URI = ""
EUID = ""
FCGI_ROLE = ""
GATEWAY_INTERFACE = ""
GROUPS = ""
HOME = ""
HOSTNAME = ""
HOSTTYPE = ""
HTTPS = ""
HTTP_ACCEPT = ""
HTTP_ACCEPT_ENCODING = ""
HTTP_ACCEPT_LANGUAGE = ""
HTTP_CONNECTION = ""
HTTP_COOKIE = CID = ""
HTTP_HOST = ""
HTTP_UPGRADE_INSECURE_REQUESTS = ""
HTTP_USER_AGENT = ""
IFS = ""
INVOCATION_ID = ""
JOURNAL_STREAM = ""
LANG = ""
LOGNAME = ""
MACHTYPE = ""
OIFS = ""
OPTERR = ""
OPTIND = ""
OSTYPE = ""
PATH = ""
PIPESTATUS = ""
PPID = ""
PS4 = ""
PWD = ""
QUERY_STRING = ""
REDIRECT_STATUS = ""
REMOTE_ADDR = ""
REMOTE_PORT = ""
REQUEST_METHOD = ""
REQUEST_SCHEME = ""
REQUEST_URI = ""
SCRIPT_FILENAME = ""
SCRIPT_NAME = ""
SERVER_ADDR = ""
SERVER_NAME = ""
SERVER_PORT = ""
SERVER_PROTOCOL = ""
SERVER_SOFTWARE = ""
SHELL = ""
SHELLOPTS = ""
SHLVL = ""
TERM = ""
UID = ""
USER = ""
_ = ""