Home > Cloud Computing > Cloud Security

Nginx vulnerability exposed by foreigners

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Last night, the black pot posted a foreigner-exposed Nginx vulnerability on Weibo, and few people started to pay attention to it. I tested and verified the installation environment, I tried two websites on the Internet and verified the vulnerability, So I uploaded the vulnerability on Weibo immediately.
 
 
 
This vulnerability was launched in July 20. Foreigners have made a very detailed analysis. For more information, see:
 
 
 
Here I will talk about the hidden points and key points of this vulnerability:
 
 
 
1. old broilers become new Broilers
 
We should remember 80 sec issued nginx file type error Parsing Vulnerability: http://www.bkjia.com/Article/201005/47604.html

 
 
The vulnerability is exploited as follows:
 
/Test.jpg/x. php
 
 
 
The temporary solution is:
 
If ($ fastcgi_script_name ~ .. */. * Php ){
Return 403;
}
 
 
 
New vulnerabilities are exploited in the following ways:
/Test.jpg % 00.php
 
 
 
Matched with the regular expression fastcgi_script_name, we will find that this vulnerability is not found, so it is very rare that bots that have been hacked by the old nginx vulnerability can be hacked again.
 
 
 
2. Methods to accurately identify this vulnerability.
 
Generally, this vulnerability can be exploited only in applications that can upload files. Therefore, the Forum bears the brunt of this vulnerability. For example, the two files on the discuz forum can easily identify this vulnerability.
 
1. PHP syntax error.
 
 
 
2. Eat the first line of CGI # comment.
 
For details, refer:
Http://www.bkjia.com/Article/201101/81627.html
The principle is here.
 
 
 
Iii. Scope of vulnerability impact
 
All versions of nginx 0.7.65 or lower (0. 5. *, 0. 6. *, 0. 7. *) and 0.8.37 (0. 8. *) are affected.
 
In fact, some old versions are still affected, but many of the earliest companies in China that sought after ngnix do not have many vulnerable nginx versions used online, especially for security companies, so be careful when you get hacked.
 
Author: Cyber Security Defense Research Office (www.91ri.org)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More