nginx fastcgi configuration mistakes+parsing vulnerability-induced vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201233066
Type myhack58
Reporter 佚名
Modified 2012-02-09T00:00:00


Now there are many sites with nginx, since the N months before the nginx parsing vulnerability since now almost all fixed, the General statement is written so

if ( $fastcgi_script_name ~ \..*\/.* php ) { return 4 0 3; }

When matching/. php*when it returns 4 0 3

但是 有些 fastcgi 配置 的 却 不只 有 .php and some are even configured with the ph*, the online has an article is so written.

This. ph就 没法 匹配 .phpit also raises vulnerability

This bug is a friend of mine Clouds found,

[1] [2] next