Possible widespread PHP configuration issue - security risk
zuborg
nginx-forum at nginx.us
Fri Aug 27 19:47:47 MSD 2010
http://myserver/uploads/test.jpg/.php - this attack relyes on some
php-fcgi feature ?
I don't think it will work on 'proxy_pass' to Apache
Actually, there is difference between
location ~ .php$ { }
and
location ~ .php {}
Last one will match 'test.php.jpg', but Apache will still handle such
file as image/jpeg, so 'fastcgi_pass' is still required to exploit such
configuration.
It also applyes to first exploit too - most installations forbid access
to *.php files in upload/ dir by .htaccess, so 'proxy_pass' will return
403 in most cases.
But, again, people using 'fastcgi_pass' should take a look at their
configs, they really may be vulnerable.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,124297,124308#msg-124308
More information about the nginx
mailing list