nginx 0day exploit for nginx + fastcgi PHP
r at roze.lv
Fri Feb 17 16:40:05 UTC 2012
> Seriously if it doesn't works for lighttppd that use php fcgi and works
> for nginx it is nginx issue isn't it ?
With certain configuration similar issues are also in apache but it doesn't necessary mean the webserver is at fault.
Since php 5.3.9 the fpm sapi has 'security.limit_extensions' (defaults to '.php') which limits the extensions of the main script
FPM will allow to parse.
It should prevent poor configuration mistakes.
More information about the nginx