Nginx parsing vulnerability: principle and methods of use - Vulnerability Warning - The Black Bar Safety Net

ID MYHACK58:62201234769
Type myhack58
Reporter Anonymous
Modified 2012-08-30T00:00:00


The nginx parsing vulnerability is already a relatively old vulnerability, but many nginx versions affected by it are still in use on the Internet.

I have not written an article in a long time. Before going to sleep I took a turn around "law customers" and saw an article about penetration through an nginx vulnerability, only to find that I apparently had not written about it myself either.


The nginx parsing vulnerability is caused by a flaw in the nginx program itself in some versions, which leads to files that are not executable scripts being parsed and executed as scripts such as PHP.

For the two cases below, assume that a vulnerable site has an image at the following URL:

// assuming this image exists

When we access it normally, nginx treats it as a non-script file, reads it directly, and sends it to the client, that is, the browser, but

an nginx that has the parsing vulnerability will parse and execute the following link:

// the old parsing method: if written like this, nginx will treat logo.jpg as a script, parse and execute it, and output the result

// this is 7 in mid-May broke the parsing vulnerability
