
What are the common vulnerabilities in nginx?

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article covers the common vulnerabilities in nginx. Many people have questions about them in day-to-day operations, so the editor consulted a range of material and collected simple, easy-to-follow procedures. We hope it helps answer the question "what are the common vulnerabilities in nginx?" Follow along below.

Nginx vulnerability roundup

nginx parsing vulnerabilities

CVE-2013-4547: nginx filename logic vulnerability

Affected versions: Nginx 0.8.41 ~ 1.4.3 / 1.5.0 ~ 1.5.7

Vulnerability description: this vulnerability does not actually have much to do with code execution. The root cause is that the requested URI is parsed incorrectly, so the file name requested by the user is obtained incorrectly, which results in permission bypass and code execution as side effects.

Vulnerability testing

Environment setup:

Set up an upload page locally on nginx:1.4.2

Vulnerability reproduction process:

1. First, determine that the file upload validates the file format with a whitelist. Upload a Trojan named 1.jpg, intercept the request, and append a space to the file name, giving "1.jpg " (with a trailing space).

Then forward the request.

2. Find the address of the uploaded file.

3. Build the request URL: http://192.168.127.133:8080/uploadfiles/1.jpgaaaphp

After intercepting the request, edit its raw bytes to change 61 61 61 to 20 00 2e respectively.

Then forward the request.

Parsing vulnerability caused by improper user configuration

Affected versions: independent of the nginx and PHP versions. The cause is that the PHP option cgi.fix_pathinfo is enabled by default, so when nginx sees a path ending in .php it hands the request to PHP for processing. This is equivalent to the IIS 7.5 parsing vulnerability.

Vulnerability reproduction:

1. Upload an image Trojan that looks like a normal picture to bypass detection.

2. Then append /.php to its URL and you will find that the picture is parsed as PHP code.
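An added example, not part of the original article: a Python check that flags both request shapes described above (a space and NUL byte before .php, and a /.php suffix on an image path) in an nginx access log, and tests a version against the affected ranges listed earlier. It assumes the combined log format with nginx's default escaping, where a raw NUL byte is written as the text \x00; the function names and sample log lines are constructed for illustration.

```python
import re

# Affected nginx ranges for CVE-2013-4547 as stated on this page (inclusive).
AFFECTED = [((0, 8, 41), (1, 4, 3)), ((1, 5, 0), (1, 5, 7))]

def version_affected(version):
    """True if a version string such as '1.4.2' falls in an affected range."""
    v = tuple(int(part) for part in version.split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

# Request target between the method and the trailing protocol version.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.*) HTTP/\d\.\d"')
# Raw space, then a NUL byte (logged by nginx as the text \x00), then ".php".
SPACE_NUL = re.compile(r' \\x00\.php', re.I)
# Static-file extension followed by a "/<name>.php" suffix (name may be empty).
PATHINFO = re.compile(r'\.(?:jpe?g|png|gif|bmp|txt)/[^/?]*\.php(?:$|\?)', re.I)

def classify(line):
    """Return a finding label for one access-log line, or None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = m.group("target")
    if SPACE_NUL.search(target):
        return "CVE-2013-4547 request shape"
    if PATHINFO.search(target):
        return "path-info .php suffix on static file"
    return None

def scan(lines):
    """Return (line_number, label) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        label = classify(line)
        if label:
            hits.append((n, label))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    r'192.0.2.10 - - [01/Jun/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    r'192.0.2.11 - - [01/Jun/2024:10:00:05 +0000] "GET /uploadfiles/1.jpg \x00.php HTTP/1.1" 200 20 "-" "-"',
    r'192.0.2.12 - - [01/Jun/2024:10:00:09 +0000] "GET /uploadfiles/1.jpg/.php HTTP/1.1" 200 20 "-" "-"',
    r'192.0.2.13 - - [01/Jun/2024:10:00:12 +0000] "GET /uploadfiles/1.jpg HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    print("nginx 1.4.2 affected:", version_affected("1.4.2"))
    for n, label in scan(SAMPLE):
        print(n, label)
```

For the second pattern, setting cgi.fix_pathinfo=0 in php.ini stops PHP from falling back to the image file when the /.php path does not exist.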

Truncation parsing

Affected versions: 0.5, 0.6, 0.7
