- The specific reproduction process, with PHP code to modify the suffix after uploading, such as http://www.xx.com/1.jpg, access to the time with http://www.xx.com/1.jpg/xxx.php
Copy Code
This JPG code will be executed!!!
http://docs.php.net/manual/zh/ini.core.php
Cgi.fix_pathinfo "1″php_ini_all from PHP 4.3.0 Please note: The default is 1
Workaround:
1. Modify the Cgi.cgi.fix_pathinfo in php.ini to 0 ( even if you do not search in php.ini, also set, no search to indicate the default is 1)
2. Determine the file upload type using strict judgment, as to how to judge, see: http://www.54chen.com/php-tech/ Php-upload-file-types-to-determine-the-complete-program-and-php-nginx-upload-size-and-complete-control-program.html
3. Modify the Nginx judgment to remove/
if ($fastcgi _script_name ~ \.. *\/.*php) {
return 403;
}
Nginx + PHP CGI fix_pathinfo security vulnerability