blason Wrote:
-------------------------------------------------------
> Hi Guys,
>
> We have multiple webservers behind Nginx Reverse Proxy and at one of
> the server we have discovered Content spoofing, the vulnerability is
> patched on Apache but also needs to be patchef on Nginx server.
>
> I googled a lot but unable to find a relevant information. Can someone
> please suggest the way to mitigate the same on Nginx?
>
> here is the Apache remediation
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^abc\.biz
> RewriteCond %{HTTP_HOST} !^www\.abc\.biz
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"
>
> RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\
> [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/
> #RewriteRule .* - [F,NS,L]
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"


If your application is vulnerable to those kinds of attacks you should patch it or get a WAF like Naxsi to prevent them.

https://www.owasp.org/index.php/Content_Spoofing

As the page shows.

<?php
$name = $_REQUEST ['name'];
?>
<html>
<h1>Welcome to the Internet!</h1>
<br>
<body>
Hello, <?php echo $name; ?>!
<p>We are so glad you are here!</p>
</body>
</html>

The page functionality can be tested by making the following GET request to the page:

http://127.0.0.1/vulnerable.php?name=test-exploit-phishing-scam-etc

http://www.networkflare.com/