Nginx+Php-fpm Dangerous Bug

escavern nginx-forum at nginx.us
Sat Dec 3 09:05:29 UTC 2011


-------------------------------------------------------------------------------------------------
Also your script is broken since you grab the value from the URI
without doing any filtering. So you're setting yourself up for being
exploited. Even with a safe configuration.
------------------------------------------------------------------------------------------------

Until now im unable to find which script caused hacker can access
phpshell formed in Image
that's just a script i found in google and its not supposed to be
running and unable to executed on Apache
see this: http://ceri.ws/rfi.php?hal=ass.jpg <---------------- using
Apace and phpshell unable to executed
why does it wont executed on Apache but executed on Nginx? this is very
freaking me out

i wish someone can help me to stop it executed like apache does.
thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219532,219536#msg-219536



More information about the nginx mailing list