Content Spoofing vulnerability
c0nw0nk
nginx-forum at forum.nginx.org
Fri Aug 11 14:11:10 UTC 2017
blason Wrote:
-------------------------------------------------------
> Hi Guys,
>
> We have multiple webservers behind Nginx Reverse Proxy and at one of
> the server we have discovered Content spoofing, the vulnerability is
> patched on Apache but also needs to be patchef on Nginx server.
>
> I googled a lot but unable to find a relevant information. Can someone
> please suggest the way to mitigate the same on Nginx?
>
> here is the Apache remediation
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^abc\.biz
> RewriteCond %{HTTP_HOST} !^www\.abc\.biz
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"
>
> RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\
> [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/
> #RewriteRule .* - [F,NS,L]
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"
If your application is vulnerable to those kinds of attacks you should patch
it or get a WAF like Naxsi to prevent them.
https://www.owasp.org/index.php/Content_Spoofing
As the page shows.
<?php
$name = $_REQUEST ['name'];
?>
<html>
<h1>Welcome to the Internet!</h1>
<br>
<body>
Hello, <?php echo $name; ?>!
<p>We are so glad you are here!</p>
</body>
</html>
The page functionality can be tested by making the following GET request to
the page:
http://127.0.0.1/vulnerable.php?name=test-exploit-phishing-scam-etc
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276023,276029#msg-276029
More information about the nginx
mailing list