Welcome! Log In Create A New Profile

Re: nginx 0day exploit for nginx + fastcgi PHP

Forum List Message List New Topic Print View

mike

May 21, 2010 01:52PM

Registered: 15 years ago
Posts: 833

On Fri, May 21, 2010 at 10:33 AM, Igor Sysoev <igor@sysoev.ru> wrote:

> I do not see why this is treated as nginx bug ?
> Why is anyone able at all to upload images to /scripts directory ?

It's not really a bug, like he said. However it is a configuration
method that almost everyone uses for nginx.

This is probably why "cgi-bin" was such a standard for so many years.
"Only execute things in this directory!" but this gets around that due
to the looser configuration most people have in nginx.

> Why does PHP have cgi.fix_pathinfo option ?

I want to figure this out too. Once I can replicate this issue I'm
going to disable it, see if it gets fixed, and then see if any other
scripts are messed up by disabling that.

from php.net:

Provides real PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and
to not grok what PATH_INFO is. For more information on PATH_INFO, see
the cgi specs. Setting this to 1 will cause PHP CGI to fix it's paths
to conform to the spec. A setting of zero causes PHP to behave as
before. Default is zero. You should fix your scripts to use
SCRIPT_FILENAME rather than PATH_TRANSLATED.

I think lighttpd might not be touched because it doesn't use regex
configurations to pass things to the PHP interpreter as "trusted" code
to execute. It determines the real file internally and then parses the
extension (is how I would think it works)

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
nginx 0day exploit for nginx + fastcgi PHP	Avleen Vig	May 21, 2010 01:14PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Avleen Vig	May 21, 2010 01:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Eren Türkay	May 25, 2010 11:44AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 01:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 01:36PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 01:44PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 01:52PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 02:16PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 02:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 02:40PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 02:40PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 21, 2010 03:10PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 04:46PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 04:58PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 05:20PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 05:54PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 02:10AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 01:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 01:32AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 22, 2010 03:00AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 03:58AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 05:46AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 06:12AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:22AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 06:26AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:56AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 08:22AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 08:30AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 08:48AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Jérôme Loyet	May 21, 2010 03:50PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Weibin Yao	May 23, 2010 11:24PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Jérôme Loyet	May 24, 2010 03:00AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Weibin Yao	May 24, 2010 04:20AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Cliff Wells	May 21, 2010 09:00PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Grzegorz Sienko	May 21, 2010 09:24PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 09:34PM
Re: nginx 0day exploit for nginx + fastcgi PHP	gdork	January 26, 2011 11:07PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	January 26, 2011 11:16PM
Re: nginx 0day exploit for nginx + fastcgi PHP	edogawaconan	January 27, 2011 12:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	January 27, 2011 01:08AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Cliff Wells	May 21, 2010 10:42PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ding Deng	May 22, 2010 09:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 22, 2010 03:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	brianmercer	May 21, 2010 05:03PM
Re: nginx 0day exploit for nginx + fastcgi PHP	tuurtnt	December 14, 2011 06:26PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Kraiser	February 17, 2012 09:53AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Reinis Rozitis	February 17, 2012 11:42AM
Re: nginx 0day exploit for nginx + fastcgi PHP	zsero	October 30, 2012 01:01PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 228

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018