nginx 0day exploit for nginx + fastcgi PHP
Avleen Vig
avleen at gmail.com
Fri May 21 21:07:00 MSD 2010
This is currently doing the rounds, so I thought it pertinent to post
it here too.
http://www.webhostingtalk.com/showthread.php?p=6807475#post6807475
I don't know what nginx should do to fix this, but there are two
workarounds given.
If you allow file uploads (especially things like images) and use PHP
FastCGI in the back end, you should take a loot at this now.
The exploit allows for any arbitrary file which is uploaded, to be
executed as PHP.
More information about the nginx
mailing list