Now tried to test for the exploit (
http://forum.nginx.org/read.php?2,88845,88996) , nginx return 403
directly
without hitting my backend php
===============
curl -s -D - ‘http://www.example.com/test.jpg/f.php’
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 14 Dec 2012 17:40:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Access denied.
===============
Which version it was fixed?
Thanks.
On Sat, Dec 15, 2012 at 03:00:53PM +0800, howard chen wrote:
Hi there,
Now tried to test for the exploit (
Re: nginx 0day exploit for nginx + fastcgi PHP) , nginx return 403 directly
without hitting my backend php
Which version it was fixed?
What’s in your nginx.conf?
The one location that matches /test.jpg/f.php, plus the server-level
config if relevant?
I suspect it was fixed in “whichever version you used a suitable
configuration in”.
(But maybe I misunderstood the nature of the problem.)
Francis D. [email protected]
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs