nginx 0day exploit for nginx + fastcgi PHP
Ian M. Evans
ianevans at digitalhit.com
Sat May 22 14:49:56 MSD 2010
On 5/22/2010 6:22 AM, Igor Sysoev wrote:
> On Sat, May 22, 2010 at 06:17:26AM -0400, Ian M. Evans wrote:
>
>> Yep, the two locations you suggested:
>>
>> location ~ ^/(?P<SN>cr...
>>
>> and
>>
>> location ~ ^(?P<SN>.*/(cr...
>
> I can not reproduce. Do you use 0.8.37 ?
>
>
Yes...I installed it last night and forgot to restart it, so the old
version was still running. Once I finish banging my head on the desk,
I'll disable the cgi.fix_pathinfo and make sure all is well.
Thanks, and I'll let you know the results.
More information about the nginx
mailing list