Forwarded: Nginx file type misparsing vulnerability

May 24, 2010, by eric

This is not actually an Nginx vulnerability but a PHP PATH_INFO one (the cgi.fix_pathinfo behaviour); see http://bugs.php.net/bug.php?id=50852&edit=1
For example, a user uploads a picture reachable at http://www.domain.com/images/test.jpg, but the contents of test.jpg are really PHP code. Requesting http://www.domain.com/images/test.jpg/abc.php makes nginx hand the request to PHP because the URI ends in .php; PHP finds no file named test.jpg/abc.php, and with cgi.fix_pathinfo = 1 it walks back along the path to the first existing file, test.jpg, runs it as the script and treats /abc.php as PATH_INFO. The PHP code hidden in the image is therefore executed.

Interim fixes circulating online:
  Method 1: edit php.ini, set cgi.fix_pathinfo = 0, then restart php-cgi. This breaks applications that rely on PATH_INFO for pseudo-static URLs; for example the URL of one of my earlier posts, http://blog.s135.com/read.php/348.htm, would no longer be reachable.

  Method 2: add the following to the nginx configuration and restart: if ( $fastcgi_script_name ~ \..*\/.*php ) {return 403;}. This pattern also rejects legitimate URLs such as http://www.domain.com/software/5.0/test.php (where 5.0 is a directory) and http://www.domain.com/goto.php/phpwind.

  Method 3: for the location{…} that stores images, or for the whole virtual host server{…}, allow purely static access and configure no PHP handler at all. For example, images and attachments uploaded to Kingsoft's xoyo forum and SNS are pushed to a dedicated image/attachment storage cluster (pic.xoyo.com) that serves static content only, with no PHP configuration. Almost every large site separates its image servers this way, so this nginx issue has little impact on large sites.

Here is another interim fix, made in nginx.conf, that keeps PATH_INFO pseudo-static URLs such as "http://blog.s135.com/demo/0day/phpinfo.php/test" working while rejecting attack URLs such as "http://blog.s135.com/demo/0day/phpinfo.jpg/test.php":

location ~* .*\.php($|/)
{
      # Greedy match: capture everything up to the LAST ".php" in the on-disk path,
      # e.g. $document_root/images/test.jpg/abc.php -> $document_root/images/test.jpg/abc
      if ($request_filename ~* (.*)\.php) {
            set $php_url $1;
      }
      # Refuse the request unless that ".php" file really exists on disk:
      #   /demo/0day/phpinfo.php/test     -> phpinfo.php exists, request continues
      #   /demo/0day/phpinfo.jpg/test.php -> test.php does not exist, 403
      if (!-e $php_url.php) {
            return 403;
      }

      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
}

  The check can also be placed at the top of fcgi.conf so that several virtual hosts can include it:

# Same guard as in the location block: capture the path up to the last ".php"
# and return 403 unless that script actually exists on disk.
if ($request_filename ~* (.*)\.php) {
    set $php_url $1;
}
if (!-e $php_url.php) {
    return 403;
}

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $uri;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
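As an added example, not part of the original post and not code from PHP or nginx, the following Python models both the PHP-side mis-resolution described at the top and the guards discussed above, using a constructed document root in a temporary directory. The function names (make_docroot, resolve_script, nginx_guard, method2_guard, demo) and the fixture files are assumptions for illustration; resolve_script is a simplified model of php-cgi's cgi.fix_pathinfo handling, not PHP's own source.

```python
"""Added illustration (not code from the original post, from PHP or from
nginx) of the PATH_INFO mis-resolution above and of the proposed guards.

Assumed names: resolve_script() is a simplified model of php-cgi's handling
of SCRIPT_FILENAME; nginx_guard() models the `(.*)\\.php` + `!-e` check in
the location block; method2_guard() models the `\\..*\\/.*php` pattern of
method 2; make_docroot() builds a constructed fixture in a temp directory.
"""
import os
import re
import shutil
import tempfile


def make_docroot():
    """Constructed fixture: an 'image' upload that really holds PHP, a real
    PHP script, and a script under a directory whose name contains a dot."""
    root = tempfile.mkdtemp(prefix="docroot-")
    files = {
        "images/test.jpg": "<?php phpinfo(); ?>",        # attacker's upload
        "demo/0day/phpinfo.php": "<?php phpinfo(); ?>",  # legitimate script
        "software/5.0/test.php": "<?php echo 'ok'; ?>",  # '5.0' is a directory
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


def resolve_script(script_filename, fix_pathinfo):
    """Simplified php-cgi behaviour for SCRIPT_FILENAME. Returns
    (script_path, path_info), or None where PHP answers
    'No input file specified'."""
    if os.path.isfile(script_filename):
        return script_filename, ""
    if not fix_pathinfo:          # cgi.fix_pathinfo=0: take the path literally
        return None
    # cgi.fix_pathinfo=1: drop trailing components until an existing file is
    # found; the dropped tail becomes PATH_INFO. This is what turns
    # images/test.jpg/abc.php into "run test.jpg with PATH_INFO=/abc.php".
    path, path_info = script_filename, ""
    while "/" in path:
        path, tail = path.rsplit("/", 1)
        path_info = "/" + tail + path_info
        if os.path.isfile(path):
            return path, path_info
    return None


def nginx_guard(docroot, uri):
    """The guard from the location block above. $request_filename is
    docroot + uri; greedy (.*)\\.php captures up to the LAST '.php'; the
    request passes only if that '.php' file exists."""
    request_filename = docroot + uri
    m = re.match(r"(.*)\.php", request_filename, re.IGNORECASE)
    if m is None or not os.path.exists(m.group(1) + ".php"):
        return 403
    return 200


def method2_guard(fastcgi_script_name):
    """Method 2 from the post: 403 when $fastcgi_script_name matches
    \\..*\\/.*php, i.e. a dot, then later a slash, then later 'php'."""
    return 403 if re.search(r"\..*/.*php", fastcgi_script_name) else 200


def demo():
    """Run the URLs from the post through each model and return the
    outcomes so they can be inspected or asserted on."""
    root = make_docroot()
    attack = "/images/test.jpg/abc.php"
    legit = "/demo/0day/phpinfo.php/test"
    versioned = "/software/5.0/test.php"
    try:
        return {
            "root": root,
            # PHP itself: what each request would execute
            "php_fix1_attack": resolve_script(root + attack, fix_pathinfo=True),
            "php_fix0_attack": resolve_script(root + attack, fix_pathinfo=False),
            "php_fix1_legit": resolve_script(root + legit, fix_pathinfo=True),
            # The -e guard: blocks the attack, keeps PATH_INFO and 5.0/ working
            "guard": {u: nginx_guard(root, u) for u in (attack, legit, versioned)},
            # Method 2: blocks the attack but also the 5.0/ and /phpwind URLs
            "method2": {u: method2_guard(u)
                        for u in (attack, legit, versioned, "/goto.php/phpwind")},
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running it shows the attack URL resolving to test.jpg with PATH_INFO=/abc.php under cgi.fix_pathinfo=1, returning nothing under cgi.fix_pathinfo=0, a 403 from the -e guard while the PATH_INFO and 5.0/ URLs still pass, and method 2 rejecting both of those legitimate URLs. Note that the -e guard only verifies that the last .php component exists on disk; if an attacker can get a file whose name genuinely ends in .php onto the server, nothing here stops it, so upload handling still has to be restricted separately.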

Some say that php-fpm 0.6 does not have this bug; when I tested it the bug was still there, and I do not know why. I fixed it by following the method from Zhang Yan's blog.

Source: http://blog.s135.com/nginx_0day/

When reposting please credit: reproduced from Eric's linux and nginx! (http://www.nginxs.com)
Original URL: http://www.nginxs.com/linux/166.html
