Welcome! Log In Create A New Profile

Advanced

Re: Did nginx fixed the php/pathinfo exploit in the core?

Previous Message Next Message
Forum List Message List New Topic Print View
Francis Daly
December 15, 2012 09:22AM
On Sat, Dec 15, 2012 at 03:00:53PM +0800, howard chen wrote:

Hi there,

> Now tried to test for the exploit (
> http://forum.nginx.org/read.php?2,88845,88996) , nginx return 403 directly
> without hitting my backend php

> Which version it was fixed?

What's in your nginx.conf?

The one location that matches /test.jpg/f.php, plus the server-level
config if relevant?

I suspect it was fixed in "whichever version you used a suitable
configuration in".

(But maybe I misunderstood the nature of the problem.)

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Did nginx fixed the php/pathinfo exploit in the core?

howard chen December 15, 2012 02:02AM

Re: Did nginx fixed the php/pathinfo exploit in the core?

Francis Daly December 15, 2012 09:22AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 108
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready