nginx 0day exploit for nginx + fastcgi PHP
igor at sysoev.ru
Fri May 21 22:36:58 MSD 2010
On Fri, May 21, 2010 at 02:26:31PM -0400, Ian Evans wrote:
> Is this situation only pertaining to sites that allow uploads from forms?
> Going way back to this thread
> (http://www.ruby-forum.com/topic/145358#645652) in '08, I needed
> cgi.fix-pathinfo=1 to fix problems with paths and specific extensionless
> files I needed run as php.
> Changing cgi.fix-pathinfo=1 to 0 broke a lot of stuff.
Could you show again how URIs should be mapped to SCRIPT_FILENAME
and PATH_INFO ? Modern nginx versions support named captures in regex.
More information about the nginx