You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/network-services-pentesting/pentesting-web/wsgi.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -181,6 +181,16 @@ Combine `UWSGI_CHDIR` with a file-serving helper to browse sensitive directories
181
181
- If uWSGI runs with elevated privileges and writes sockets/pids owned by root, abusing env and directory changes may help you drop files with privileged owners or manipulate runtime state.
182
182
- Overriding configuration via environment (`UWSGI_*`) inside a file loaded through `UWSGI_FILE` can affect process model and workers to make persistence stealthier.
183
183
184
+
```python
185
+
# malicious_config.py
186
+
import os
187
+
188
+
# Override uWSGI configuration
189
+
os.environ['UWSGI_MASTER'] ='1'
190
+
os.environ['UWSGI_PROCESSES'] ='1'
191
+
os.environ['UWSGI_CHEAPER'] ='1'
192
+
```
193
+
184
194
## Reverse-proxy desync issues relevant to uWSGI chains (recent)
185
195
186
196
Deployments that use Apache httpd with `mod_proxy_uwsgi` have faced recent response-splitting/desynchronization bugs that can influence the frontend↔backend translation layer:
0 commit comments