nginx 0day exploit for nginx + fastcgi PHP

Avleen Vig avleen at
Fri May 21 21:07:00 MSD 2010

This is currently doing the rounds, so I thought it pertinent to post
it here too.

I don't know what nginx should do to fix this, but there are two
workarounds given.
If you allow file uploads (especially things like images) and use PHP
FastCGI in the back end, you should take a loot at this now.
The exploit allows for any arbitrary file which is uploaded, to be
executed as PHP.

More information about the nginx mailing list