Nginx+Php-fpm Dangerous Bug
escavern
nginx-forum at nginx.us
Sat Dec 3 09:05:29 UTC 2011
-------------------------------------------------------------------------------------------------
Also your script is broken since you grab the value from the URI
without doing any filtering. So you're setting yourself up for being
exploited. Even with a safe configuration.
------------------------------------------------------------------------------------------------
Until now im unable to find which script caused hacker can access
phpshell formed in Image
that's just a script i found in google and its not supposed to be
running and unable to executed on Apache
see this: http://ceri.ws/rfi.php?hal=ass.jpg <---------------- using
Apace and phpshell unable to executed
why does it wont executed on Apache but executed on Nginx? this is very
freaking me out
i wish someone can help me to stop it executed like apache does.
thanks
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219532,219536#msg-219536
More information about the nginx
mailing list