nginx 0day exploit for nginx + fastcgi PHP
Edho P Arief
edhoprima at gmail.com
Thu Jan 27 08:23:21 MSK 2011
On Thu, Jan 27, 2011 at 11:07 AM, gdork <nginx-forum at nginx.us> wrote:
> 40 of my servers were compromised because of this issue and I just found
> out about it...aarrrghhhh.
> There are php cmd shell trojans everywhere now!
>
> I was able to easily replicate this issue, and the cgi.fix_pathinfo=0
> fix did NOT work on my systems.
>
> Adding:
>
> location ~ \..*/.*\.php$ {
>     return 403;
> }
>
I believe one of the solutions is adding
try_files $uri =403;
to the php block.
Another is to allow php on specific directories/files only.
Another is to disable php on the user-upload directory by creating its
own location block.
And the other is to not use php at all :)
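As an added example that is not part of this thread, here is an nginx server block that puts the vulnerable PHP location next to a hardened one combining the try_files check and a dedicated upload-directory location; the web root, the /uploads/ path and the PHP-FPM address are assumptions.

```nginx
# Added example (not from the thread). Assumed: web root /var/www/html,
# user uploads under /uploads/, PHP-FPM listening on 127.0.0.1:9000.
server {
    listen 80;
    root /var/www/html;
    index index.php index.html;

    # Upload directory: the ^~ prefix match wins over the regex locations
    # below, so nothing under /uploads/ is ever handed to FastCGI; files are
    # served as static content and anything named *.php is refused outright.
    location ^~ /uploads/ {
        location ~ \.php$ { return 403; }
    }

    # VULNERABLE (before): every URI ending in .php is forwarded to PHP-FPM.
    # For /uploads/pic.jpg/x.php, SCRIPT_FILENAME becomes
    # /var/www/html/uploads/pic.jpg/x.php; with cgi.fix_pathinfo=1 PHP walks
    # back to the existing file pic.jpg and executes it as PHP.
    # location ~ \.php$ {
    #     fastcgi_pass 127.0.0.1:9000;
    #     include fastcgi_params;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # }

    # HARDENED (after): try_files requires the requested URI to exist as a
    # regular file on disk before the request reaches FastCGI.
    # /uploads/pic.jpg/x.php is not a file, so nginx answers 403 itself and
    # PHP never sees the request.
    location ~ \.php$ {
        try_files $uri =403;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

Test with `nginx -t` after editing; the same try_files line is the one mitigation that works regardless of the cgi.fix_pathinfo setting on the PHP side.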