49 messages in ru.sysoev.nginxRe: nginx 0day exploit for nginx + fa...| From | Sent On | Attachments |
|---|---|---|
| Avleen Vig | May 21, 2010 10:06 am | |
| Avleen Vig | May 21, 2010 10:26 am | |
| Michael Shadle | May 21, 2010 10:27 am | |
| Igor Sysoev | May 21, 2010 10:32 am | |
| Igor Sysoev | May 21, 2010 10:39 am | |
| Michael Shadle | May 21, 2010 10:47 am | |
| Igor Sysoev | May 21, 2010 11:11 am | |
| Ian Evans | May 21, 2010 11:25 am | |
| Michael Shadle | May 21, 2010 11:35 am | |
| Igor Sysoev | May 21, 2010 11:36 am | |
| Ian M. Evans | May 21, 2010 12:03 pm | |
| Jérôme Loyet | May 21, 2010 12:44 pm | |
| Igor Sysoev | May 21, 2010 1:38 pm | |
| Ian Evans | May 21, 2010 1:49 pm | |
| brianmercer | May 21, 2010 2:02 pm | |
| Igor Sysoev | May 21, 2010 2:17 pm | |
| Ian Evans | May 21, 2010 2:50 pm | |
| Cliff Wells | May 21, 2010 5:56 pm | |
| Grzegorz Sienko | May 21, 2010 6:17 pm | |
| Michael Shadle | May 21, 2010 6:30 pm | |
| Cliff Wells | May 21, 2010 7:37 pm | |
| Ian M. Evans | May 21, 2010 10:23 pm | |
| Igor Sysoev | May 21, 2010 10:27 pm | |
| Igor Sysoev | May 21, 2010 11:06 pm | |
| Ian Evans | May 21, 2010 11:55 pm | |
| Igor Sysoev | May 22, 2010 12:53 am | |
| Ian M. Evans | May 22, 2010 2:42 am | |
| Igor Sysoev | May 22, 2010 3:06 am | |
| Ian M. Evans | May 22, 2010 3:16 am | |
| Igor Sysoev | May 22, 2010 3:22 am | |
| Ian M. Evans | May 22, 2010 3:49 am | |
| Ian M. Evans | May 22, 2010 5:13 am | |
| Igor Sysoev | May 22, 2010 5:23 am | |
| Ian M. Evans | May 22, 2010 5:44 am | |
| Ding Deng | May 22, 2010 6:23 am | |
| Michael Shadle | May 22, 2010 12:25 pm | |
| Ian M. Evans | May 22, 2010 3:26 pm | |
| Weibin Yao | May 23, 2010 8:19 pm | |
| Jérôme Loyet | May 23, 2010 11:56 pm | |
| Weibin Yao | May 24, 2010 1:13 am | |
| Eren Türkay | May 25, 2010 8:40 am | |
| gdork | Jan 26, 2011 8:06 pm | |
| Michael Shadle | Jan 26, 2011 8:13 pm | |
| Edho P Arief | Jan 26, 2011 9:22 pm | |
| Michael Shadle | Jan 26, 2011 10:03 pm | |
| tuurtnt | Dec 14, 2011 3:25 pm | |
| Kraiser | Feb 17, 2012 6:53 am | |
| Reinis Rozitis | Feb 17, 2012 8:39 am | |
| zsero | Oct 30, 2012 10:01 am |
| Subject: | Re: nginx 0day exploit for nginx + fastcgi PHP | |
|---|---|---|
| From: | Michael Shadle (mike...@gmail.com) | |
| Date: | May 21, 2010 10:47:42 am | |
| List: | ru.sysoev.nginx | |
On Fri, May 21, 2010 at 10:33 AM, Igor Sysoev <ig...@sysoev.ru> wrote:
I do not see why this is treated as nginx bug ? Why is anyone able at all to upload images to /scripts directory ?
It's not really a bug, like he said. However it is a configuration method that almost everyone uses for nginx.
This is probably why "cgi-bin" was such a standard for so many years. "Only execute things in this directory!" but this gets around that due to the looser configuration most people have in nginx.
Why does PHP have cgi.fix_pathinfo option ?
I want to figure this out too. Once I can replicate this issue I'm going to disable it, see if it gets fixed, and then see if any other scripts are messed up by disabling that.
from php.net:
Provides real PATH_INFO/PATH_TRANSLATED support for CGI. PHP's previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting of zero causes PHP to behave as before. Default is zero. You should fix your scripts to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
I think lighttpd might not be touched because it doesn't use regex configurations to pass things to the PHP interpreter as "trusted" code to execute. It determines the real file internally and then parses the extension (is how I would think it works)
_______________________________________________ nginx mailing list ngi...@nginx.org http://nginx.org/mailman/listinfo/nginx