Middleware Vulnerability Summary (Part 2): Nginx

(A) Nginx overview

  Nginx is a lightweight web server, reverse proxy server and e-mail (IMAP/POP3) proxy server released under a BSD-like license. It uses little memory and handles a large number of concurrent connections well; in practice its concurrency performance is better than that of other web servers of the same type.

(B) File parsing vulnerability

  1. Vulnerability overview and cause

    Because of how Nginx hands requests to PHP, appending /anything.php to the name of any file causes that file to be parsed as PHP. For example, if the original file is test.jpg, requesting test.jpg/x.php executes test.jpg as a PHP script.

    The cause is a combination of two settings. Nginx's location ~ \.php$ block matches on the URI suffix only and forwards the request to php-fpm with SCRIPT_FILENAME pointing at .../test.jpg/x.php, a path that does not exist. With cgi.fix_pathinfo = 1 (the PHP default), php-fpm strips trailing path components until it finds an existing file, settles on test.jpg and executes it, treating /x.php as PATH_INFO. Nothing checks that the executed file really has a .php extension unless security.limit_extensions is set in the php-fpm pool configuration.

  2. Reproduction

    Create a file i.gif in the web root containing PHP code (phpinfo()).

    Open it in the browser: it is served as an ordinary image.

    Now request it with the parsing trick, appending /2.php to the file name: 192.168.139.129:100/i.gif/2.php. It is not executed as PHP. This is because php-fpm ships with security.limit_extensions = .php by default, which refuses to execute any resolved script whose extension is not .php.

    In /etc/php5/fpm/pool.d/www.conf, delete the line security.limit_extensions = .php (and restart php-fpm so the pool picks up the change).

    Open the same URL again: i.gif is now parsed and executed as PHP, and the phpinfo() page is displayed.

  3. Fix

    1) Set cgi.fix_pathinfo = 0 in php.ini. PHP then no longer walks back the path to find a script: for a request such as 1.jpg/1.php the file 1.jpg/1.php does not exist, so PHP reports no input file and the client gets a 404 instead of 1.jpg being executed. Check first that no application on the server relies on PATH_INFO, since this setting disables it.

    2) In /etc/php5/fpm/pool.d/www.conf, keep security.limit_extensions set to .php (the default). php-fpm then only executes files whose actual extension is .php, regardless of what the URL ends in.
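The following added example (not code from the original post) simulates in Python the two pieces that make up this bug: Nginx's suffix-only location ~ \.php$ match, and php-fpm's cgi.fix_pathinfo walk-back with security.limit_extensions checked against the resolved script. The web root, the constructed file list and the function names are assumptions for illustration; it reproduces the outcome of each configuration step above without a running Nginx.

```python
"""Simulate how php-fpm chooses the script to run for /i.gif/2.php under
different cgi.fix_pathinfo and security.limit_extensions settings.

Added example, not code from the original post. The file system below is a
constructed dict; the walk-back mirrors php-fpm's fix_pathinfo behaviour
(strip trailing path components until an existing file is found)."""

import posixpath

# Constructed web root: only i.gif exists, and it contains PHP code.
WEBROOT = "/var/www/html"
FILES = {"/var/www/html/i.gif": "<?php phpinfo(); ?>"}


def fpm_select_script(script_filename, files, fix_pathinfo=True,
                      limit_extensions=(".php",)):
    """Return (status, script_path, path_info).

    script_filename is what nginx sends (document root + URI).
    status is 'executed', 'access_denied' or 'no_input_file'.
    """
    script = script_filename
    path_info = ""
    if fix_pathinfo:
        # cgi.fix_pathinfo=1: walk back one component at a time until a
        # regular file is found; the stripped part becomes PATH_INFO.
        while script not in files and script not in ("", "/"):
            script, tail = posixpath.split(script)
            path_info = "/" + tail + path_info
    if script not in files:
        # cgi.fix_pathinfo=0, or nothing found on the walk back.
        return ("no_input_file", None, "")
    # security.limit_extensions is checked against the *resolved* script,
    # so /i.gif is refused even though the URL ended in .php.
    if limit_extensions and not script.endswith(tuple(limit_extensions)):
        return ("access_denied", script, path_info)
    return ("executed", script, path_info)


def nginx_php_location_matches(uri):
    # Mimic `location ~ \.php$`: the regex looks only at the URI suffix,
    # it never checks whether the file exists or what it really is.
    return uri.endswith(".php")


def handle_request(uri, fix_pathinfo=True, limit_extensions=(".php",)):
    """Nginx side: static files are served as-is, .php URIs go to php-fpm."""
    if not nginx_php_location_matches(uri):
        return ("static", None, "")
    return fpm_select_script(WEBROOT + uri, FILES, fix_pathinfo,
                             limit_extensions)


if __name__ == "__main__":
    attack = "/i.gif/2.php"
    print("default php-fpm        :", handle_request(attack))
    print("limit_extensions removed:", handle_request(attack, limit_extensions=()))
    print("fix_pathinfo=0          :", handle_request(attack, fix_pathinfo=False,
                                                      limit_extensions=()))
```

Run with the default settings the request is refused ('access_denied'); with limit_extensions emptied, as in the reproduction step, i.gif is executed with PATH_INFO /2.php; with cgi.fix_pathinfo = 0 the walk-back never happens and php-fpm reports no input file.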

(C) Directory listing

  1. Vulnerability overview and cause

    Directory listing in Nginx, as in Apache, is a configuration issue. Enabling autoindex on a location makes Nginx return a listing of every file in a directory that has no index file, which exposes file names and can lead to source code and backup file disclosure.

  2. Reproduction

    Open the test directory in the browser: it cannot be opened (Nginx returns 403 because the directory has no index file and listing is disabled).

    Edit /etc/nginx/sites-available/default and add autoindex on in the location block shown in the figure, then reload Nginx.

    Visit the directory again: Nginx now lists its contents.

  3. Fix

    In /etc/nginx/sites-available/default, change autoindex on to autoindex off (off is the default, so removing the directive also works) and reload Nginx.

(D) CRLF injection

  1. Vulnerability overview and cause

    CRLF is short for "carriage return + line feed" (\r\n).

    HTTP headers are separated from the HTTP body by two consecutive CRLFs; the browser uses that blank line to find where the headers end and the content begins.

    If an attacker can get characters of their choosing into an HTTP response header, injected line breaks let them add headers of their own (for example a Set-Cookie that fixes the session cookie) or, with a double CRLF, terminate the headers and place HTML in the body. In Nginx this happens when a redirect is built from a variable that is percent-decoded: $uri is decoded and normalised, so %0d%0a in the request path becomes a real CRLF in the Location header.

  2. Reproduction

    Visit the page and capture the request in a proxy.

    Append /%0d%0a%0d%0a<img src=1 onerror=alert(/xss/)> to the request path and send it.

    Because the page immediately redirects, the browser shows no alert popup; the injected tag can nevertheless be seen in the captured raw response, after the blank line created by the injected double CRLF.

  3. Fix

    Change the Nginx configuration file /etc/nginx/conf.d/error1.conf to build the redirect from the undecoded URL, i.e. use $request_uri (the raw request line) rather than $uri, so that %0d%0a stays percent-encoded in the Location header.
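The added Python example below (not code from the original post) builds the 302 response the way an Nginx return directive would from either $uri (decoded) or $request_uri (raw), then parses it the way a client does, to show exactly what the page's payload and a cookie-injection variant do to the response. The host, the response template and the function names are assumptions for illustration.

```python
"""Show why `return 302 https://$host$uri;` is CRLF-injectable and
`return 302 https://$host$request_uri;` is not.

Added example, not the original post's code. The request path and the
response are constructed in-process; no network is involved."""

from urllib.parse import unquote

# Payload from the post: double CRLF ends the headers, then an HTML tag.
XSS_PAYLOAD = "/%0d%0a%0d%0a<img src=1 onerror=alert(/xss/)>"
# Variant: a single CRLF followed by an attacker-chosen header.
COOKIE_PAYLOAD = "/%0d%0aSet-Cookie:%20sid=attacker"


def build_redirect(raw_path, host="192.168.139.128", use_decoded_uri=True):
    """Return the raw bytes of the 302 nginx would emit.

    $uri is the normalised, percent-decoded path (use_decoded_uri=True);
    $request_uri is the path exactly as it appeared in the request line.
    """
    uri = unquote(raw_path) if use_decoded_uri else raw_path
    response = (
        "HTTP/1.1 302 Moved Temporarily\r\n"
        f"Location: https://{host}{uri}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )
    return response.encode("latin-1")


def parse_response(raw):
    """Split a response like a client: headers end at the first blank line,
    everything after it is the body. Returns (headers_dict, body_bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body


def injected_body(raw_path, use_decoded_uri=True):
    """Body bytes a client would see for the given request path."""
    return parse_response(build_redirect(raw_path, use_decoded_uri=use_decoded_uri))[1]


def injected_headers(raw_path, use_decoded_uri=True):
    """Header names/values a client would see for the given request path."""
    return parse_response(build_redirect(raw_path, use_decoded_uri=use_decoded_uri))[0]


if __name__ == "__main__":
    print("vulnerable ($uri) body   :", injected_body(XSS_PAYLOAD))
    print("vulnerable ($uri) headers:", injected_headers(COOKIE_PAYLOAD))
    print("fixed ($request_uri)     :", injected_headers(XSS_PAYLOAD, use_decoded_uri=False))
```

With $uri the decoded payload terminates the header block early: the <img> tag becomes the response body (and the original Content-Length header is pushed into the body with it), while the cookie variant yields a Set-Cookie header the server never sent. With $request_uri the percent-encoding survives and the whole payload stays inside the Location value.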

(E) Directory traversal

  1. Vulnerability overview and cause

    Nginx is used as a reverse proxy / static file server: the static files live under /home/, and they are reached by putting files in the URL, through an alias on location /files. Because /files in the configuration is not closed with a trailing slash, the location also matches URIs such as /files../, and Nginx's alias substitution turns them into /home/../, which escapes into the parent directory.

  2. Reproduction

    Visit http://192.168.139.128:8081/files/ : the files under /home/ are served.

    Visit http://192.168.139.128:8081/files../ : the traversal succeeds. The request is mapped to /home/../ and the contents of the parent directory of /home/ become reachable.

  3. Fix

    In the Nginx configuration file /etc/nginx/conf.d/error2.conf, close /files with a trailing slash, writing the location as /files/ so that only URIs under /files/ match and /files../ no longer reaches the alias.
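The following added Python example (not code from the original post) models Nginx's alias mapping, which is a plain replacement of the matched location prefix by the alias, and shows which URIs escape /home/ for the open location /files versus the closed /files/. The URI normalisation step, the sample URIs and the function names are assumptions for illustration.

```python
"""Model nginx `alias` prefix substitution to show why
`location /files { alias /home/; }` lets /files../ reach /home/../ while
`location /files/ { alias /home/; }` does not.

Added example, not code from the original post. The locations and request
URIs are constructed; no nginx is involved."""

import posixpath


def normalize_uri(uri):
    """nginx resolves '.' and '..' segments in the request URI before
    location matching, keeping a trailing slash if one was present.
    Note that /files../ has no '..' *segment*, so it is left alone."""
    norm = posixpath.normpath(uri)
    if uri.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def alias_map(location, alias, uri):
    """Return the filesystem path nginx would open, or None when the
    location prefix does not match. With `alias`, nginx replaces the part
    of the URI that matched the location with the alias string."""
    uri = normalize_uri(uri)
    if not uri.startswith(location):
        return None
    return posixpath.normpath(alias + uri[len(location):])


def is_confined(path, alias):
    """True if the mapped path is inside the aliased directory."""
    root = posixpath.normpath(alias)
    return path == root or path.startswith(root + "/")


def escapes(location, alias, uri):
    """True only if the URI is served *and* the result leaves the alias."""
    mapped = alias_map(location, alias, uri)
    return mapped is not None and not is_confined(mapped, alias)


if __name__ == "__main__":
    for loc in ("/files", "/files/"):
        for uri in ("/files/", "/files/report.txt", "/files../",
                    "/files../etc/passwd", "/files/../etc/passwd"):
            print(f"location {loc:8} {uri:22} -> {alias_map(loc, '/home/', uri)}"
                  f"  escapes={escapes(loc, '/home/', uri)}")
```

The open location /files matches /files../ because prefix matching does not require a separator after the prefix; after substitution the path is /home/../, i.e. the root. /files/../etc/passwd is harmless with either location because nginx normalises the '..' segment away before matching, so only the unclosed-prefix form escapes.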


Source: www.cnblogs.com/ssw6/p/12098591.html