From Chinadu's Blog
PS: this vulnerability was in fact disclosed 10 years ago and has only now spread widely. It is expected to cause a small revolution, and the source code of many major websites will be circulated.
PHP PATH_INFO Vulnerability
A website built on nginx + PHP can be compromised as long as image uploads are allowed. As of the early morning of June 5.21, nginx has not released a patch for this vulnerability. Some websites have already been compromised; administrators, fix this quickly!
Test method:
Upload an image to the nginx server, then request the image's URL with /4shell.php appended.
Example: http://up.2cto.com/Article/201005/20100528102421897.jpg/4shell.php
You can select one of the three temporary repair methods.
1. In php.ini, set:
cgi.fix_pathinfo = 0
Then restart PHP. This is the most convenient fix, but you need to evaluate the impact of changing this setting.
2. Add the following to the nginx vhost configuration and restart nginx. This is also convenient when there are few vhosts.
    if ($fastcgi_script_name ~ \..*\/.*php) {
        return 403;
    }
3. Do not let the upload directory execute PHP programs. The web server itself does not need to be touched. If there are many vhosts and servers, the short-term difficulty rises sharply, so we recommend this approach when there are few vhosts and servers.
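As an added illustration (not code from the original post), the following Python models why the image-plus-/4shell.php request works when cgi.fix_pathinfo=1 and fails when it is 0, checks the same regex the nginx vhost rule above uses, and runs that check over a few constructed access-log lines so an administrator can look for the pattern in existing logs. The document root /var/www, the file set and the log lines are all assumptions made up for the example; only the uploaded image name is taken from the post.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed stand-in for the files on disk under the web root (assumption).
DOCROOT = "/var/www"
EXISTING_FILES = {
    "/var/www/index.php",
    "/var/www/uploads/20100528102421897.jpg",   # an uploaded image
}


def resolve_script(script_name: str,
                   fix_pathinfo: bool,
                   files: Iterable[str] = EXISTING_FILES,
                   docroot: str = DOCROOT) -> Optional[Tuple[str, str]]:
    """Model of how PHP-CGI picks the script to run from SCRIPT_FILENAME.

    With cgi.fix_pathinfo=1 PHP walks the path backwards until it finds an
    existing file and treats the remainder as PATH_INFO, so an image followed
    by /4shell.php is executed as PHP.  With 0 it only accepts the exact file.
    Returns (script_path, path_info) or None when nothing would be executed.
    (Simplification: the walk does not stop at the document root.)
    """
    files = set(files)
    full = docroot + script_name
    if full in files:
        return full, ""
    if not fix_pathinfo:
        return None
    path, info = full, ""
    while "/" in path.strip("/"):
        path, _, tail = path.rpartition("/")
        info = "/" + tail + info
        if path in files:
            return path, info
    return None


# The regex from fix 2: a dot, then later a slash, then a segment ending in "php".
NGINX_RULE = re.compile(r"\..*\/.*php")


def nginx_rule_blocks(script_name: str) -> bool:
    """True if the vhost rule `if ($fastcgi_script_name ~ ...) { return 403; }`
    would reject this script name."""
    return NGINX_RULE.search(script_name) is not None


REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_pathinfo_requests(log_lines: Iterable[str]) -> List[str]:
    """Return request paths from access-log lines that the rule would catch,
    i.e. candidates for the image-followed-by-.php pattern."""
    flagged = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]   # drop the query string
        if nginx_rule_blocks(path):
            flagged.append(path)
    return flagged


# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [28/May/2010:10:24:21 +0800] "GET /index.php HTTP/1.1" 200 512',
    '10.0.0.5 - - [28/May/2010:10:24:22 +0800] "GET /uploads/20100528102421897.jpg HTTP/1.1" 200 4096',
    '10.0.0.9 - - [28/May/2010:10:25:03 +0800] "GET /uploads/20100528102421897.jpg/4shell.php HTTP/1.1" 200 88',
]


if __name__ == "__main__":
    uri = "/uploads/20100528102421897.jpg/4shell.php"
    print("fix_pathinfo=1:", resolve_script(uri, True))
    print("fix_pathinfo=0:", resolve_script(uri, False))
    print("nginx rule blocks:", nginx_rule_blocks(uri))
    print("flagged in log:", flag_pathinfo_requests(SAMPLE_LOG))
    # Caveat: the rule also fires on legitimate paths with a dotted directory.
    print("false positive /v1.0/app.php:", nginx_rule_blocks("/v1.0/app.php"))
```

Two points the model makes visible: the nginx rule only helps for requests that actually reach the fastcgi location (it tests $fastcgi_script_name), and it is a blunt pattern that also returns 403 for a harmless path such as /v1.0/app.php, so check your own URL layout before deploying it; cgi.fix_pathinfo = 0 removes the root cause regardless of URL layout.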
Category: Technical Article tags: 0day, nginx, PHP