PHP code execution in two Metersbonwe shopping malls leads to direct compromise

Two of Metersbonwe's shopping malls are affected by the ThinkPHP framework URI arbitrary code execution vulnerability, and one sub-site has an nginx parsing vulnerability.

ThinkPHP framework URI arbitrary code execution vulnerability in the two shopping malls: Response (phpinfo () % 7D/response (phpinfo ()) % 7D code execution; you can directly getshell.

There is also an nginx parsing vulnerability: http://express.banggo.com/css/templatecss/global.css/seay.php

Solution:

Dear Meibang, I have always liked wow. Please give me a gift and ask for encouragement.

ThinkPHP code execution: download the officially released patch from http://code.google.com/p/thinkphp/source/detail?spec=svn2904&r=2838 or modify the source code directly in /trunk/ThinkPHP/Lib/Core/Dispatcher.class.php. Change

    // Vulnerable: with the /e modifier the replacement is evaluated as PHP code,
    // and the captured value \2 lands inside a double-quoted string.
    $res = preg_replace('@(\w+)'.$depr.'([^'.$depr.'\/]+)@e', '$var[\'\1\']="\2";', implode($depr, $paths));

to

    // Patched: the captured value \2 lands inside a single-quoted string.
    $res = preg_replace('@(\w+)'.$depr.'([^'.$depr.'\/]+)@e', '$var[\'\1\']=\'\2\';', implode($depr, $paths));

That is, replace the double quotation marks in the second preg_replace parameter with single quotation marks, to prevent the PHP variable syntax from being parsed and executed.

Nginx parsing vulnerability fix (reference from Baidu):

1. Disable PHP's path_info handling by setting cgi.fix_pathinfo to 0 in php.ini. If the line is already there by default, edit it; if there is no such line, add it manually:

    cgi.fix_pathinfo = 0

2. Modify the nginx settings. For example, the original file:

    server {
        listen 80;
        server_name typengine.com;

        location / {
            root /home/www/typengine.com;
            index index.php index.html index.htm;
            autoindex on;
        }

        location ~ \.php$ {
            root html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            # Refuse script names where a segment containing a dot is followed
            # by a further path segment that contains "php".
            if ($fastcgi_script_name ~ \..*\/.*php) {
                return 403;
            }
            fastcgi_param SCRIPT_FILENAME /home/www/typengine.com$fastcgi_script_name;
            include fastcgi_params;
        }
    }
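A log-side check for the two request shapes this report describes, as an added example that is not part of the original report: it applies the same expression as the nginx `if` rule to request paths and flags PHP variable syntax in the URI. The log lines, paths, finding names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Same expression as the nginx `if` rule quoted on this page.
NGINX_RULE = re.compile(r"\..*\/.*php")
# PHP expands "${...}" and "{$...}" inside double-quoted strings.
PHP_INTERPOLATION = re.compile(r"\$\{|\{\$")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return the set of findings for one combined-format access-log line."""
    match = REQUEST_LINE.search(log_line)
    if not match:
        return set()
    # Decode %7B / %7D and similar so the checks see what PHP would see.
    path = unquote(urlsplit(match.group(1)).path)
    findings = set()
    # nginx only hands the URI to PHP when it ends in .php (location ~ \.php$).
    if path.endswith(".php") and NGINX_RULE.search(path):
        findings.add("path-info-parsing")
    if PHP_INTERPOLATION.search(path):
        findings.add("php-interpolation-in-uri")
    return findings

def scan(lines):
    """Map each flagged request target to its findings."""
    report = {}
    for line in lines:
        findings = classify(line)
        if findings:
            report[REQUEST_LINE.search(line).group(1)] = findings
    return report

# Constructed sample log lines (documentation address range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2013:10:00:00 +0800] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2013:10:00:01 +0800] "GET /css/global.css HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2013:10:00:02 +0800] "GET /css/global.css/x.php HTTP/1.1" 200 97',
    '203.0.113.7 - - [01/Jan/2013:10:00:03 +0800] "GET /index.php/m/a/k/$%7Bphpinfo()%7D HTTP/1.1" 200 70112',
    # Legitimate versioned path: the nginx rule would answer 403 here too.
    '203.0.113.7 - - [01/Jan/2013:10:00:04 +0800] "GET /v1.2/index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_LOG).items():
        print(target, sorted(findings))
```

The last sample line shows a side effect of the rule: any directory name containing a dot ahead of a `.php` file is rejected as well, so check existing URL layouts before deploying it.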