Welcome! Log In Create A New Profile

Advanced

Did nginx fixed the php/pathinfo exploit in the core?

Previous Message Next Message
Forum List Message List New Topic Print View
howard chen
December 15, 2012 02:02AM
Now tried to test for the exploit (
http://forum.nginx.org/read.php?2,88845,88996) , nginx return 403 directly
without hitting my backend php


===============


curl -s -D - 'http://www.example.com/test.jpg/f.php'

HTTP/1.1 403 Forbidden

Server: nginx

Date: Fri, 14 Dec 2012 17:40:03 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive


Access denied.


===============


Which version it was fixed?

Thanks.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Did nginx fixed the php/pathinfo exploit in the core?

howard chen December 15, 2012 02:02AM

Re: Did nginx fixed the php/pathinfo exploit in the core?

Francis Daly December 15, 2012 09:22AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 165
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready