nginx 0day exploit for nginx + fastcgi PHP
Ian M. Evans
ianevans at digitalhit.com
Sun May 23 02:26:29 MSD 2010
On 5/22/2010 8:44 AM, Ian M. Evans wrote:
>>> Well, unfortunately, changing cgi.fix_pathinfo to cgi.fix_pathinfo=0
>>> killed the extensionless php files, just like it did in 2008.
>>> Here's a snippet from the debug log when it works (cgi.fix_pathinfo=1):
>> If you request "/academy/75/photos/" with with cgi.fix_pathinfo=0,
>> does it work ?
> Adding the trailing slash still produced a 404.
Well, after being up for 21hrs, I decide to sleep. Downing my first
coffee of the day now and trying to Google anything that would lead me
to understand why cgi.fix_pathinfo=1 works with Igor's location and
cgi.fix_pathinfo=0 breaks it.
Two notes: 1) is my issue related at all to
http://www.ruby-forum.com/topic/183579 and 2) many thanks to Igor and
everyone else on this list. I think nginx isn't the best server because
of speed and footprint, no it's the best because of the community. :-)
More information about the nginx