Comments on: Nginx + PHP CGI的一个可能的安全漏洞

By: Nginx(PHP/fastcgi)的PATH_INFO问题 » ijser

Nginx(PHP/fastcgi)的PATH_INFO问题 » ijser — Fri, 18 Nov 2011 07:00:08 +0000

[...] 最近发现的一个安全漏洞(Nginx + PHP CGI的一个可能的安全漏洞)和这个配置有关系, 请大家务必在使用第二种配置的时候,关闭cgi.fix_pathinfo. [...]

By: Anonymous

Anonymous — Tue, 13 Sep 2011 10:34:19 +0000

我试了，我的nginx/0.7.67版本没有这个问题

By: nginx php fpm紧急漏洞修复！cgi.fix_pathinfo – www.ncun123.com博客

nginx php fpm紧急漏洞修复！cgi.fix_pathinfo – www.ncun123.com博客 — Wed, 10 Aug 2011 10:32:44 +0000

[...] PS: 鸣谢laruence大牛在分析过程中给的帮助 [...]

By: PATH_INFO是一个CGI 1.1的标准，经常用来做为传参载体. – www.ncun123.com博客

PATH_INFO是一个CGI 1.1的标准，经常用来做为传参载体. – www.ncun123.com博客 — Wed, 10 Aug 2011 07:49:19 +0000

[...] 最近发现的一个安全漏洞(Nginx + PHP CGI的一个可能的安全漏洞)和这个配置有关系, 请大家务必在使用第二种配置的时候,关闭cgi.fix_pathinfo. [...]

By: nginx文件类型错误解析漏洞 | 一沙一世界一花一天堂

nginx文件类型错误解析漏洞 | 一沙一世界一花一天堂 — Sun, 10 Jul 2011 05:34:50 +0000

[...] 鸣谢laruence大 [...]

By: Penetration Testing Lab › Nginx Security Law

Penetration Testing Lab › Nginx Security Law — Sat, 09 Apr 2011 01:58:11 +0000

[...] [1]http://hi.baidu.com/yuange1975/blog/item/4c223031a6727eaf5edf0e46.html [2]http://www.laruence.com/2010/05/20/1495.html This was written by admin. Posted on Friday, May 21, 2010, at 12:51 pm. Filed under Exploit. [...]

By: nginx文件类型错误解析漏洞 | Seczone

nginx文件类型错误解析漏洞 | Seczone — Mon, 04 Apr 2011 13:49:48 +0000

[...] PS: 鸣谢laruence大牛在分析过程中给的帮助 [...]

By: Wiki

Wiki — Fri, 01 Apr 2011 11:49:31 +0000

Wiki is a very useful page.

By: DADSA

DADSA — Tue, 22 Mar 2011 15:45:39 +0000

DASASDSA

By: hosting

hosting — Mon, 21 Mar 2011 01:20:38 +0000

This is awsome water text effect ))

By: 搜索引擎优化

搜索引擎优化 — Thu, 23 Dec 2010 09:27:21 +0000

试一下这代码，验证一下~

By: Wholesale Caps

Wholesale Caps — Mon, 22 Nov 2010 09:33:47 +0000

beautiful.we are waiting for you.

By: Cheap Hats

Cheap Hats — Mon, 22 Nov 2010 09:32:44 +0000

it`s worth to try.

By: youstar » 80后爆nginx 0day漏洞,测试可行~

youstar » 80后爆nginx 0day漏洞,测试可行~ — Wed, 13 Oct 2010 02:02:08 +0000

[...] Laruence：Nginx + PHP CGI的一个可能的安全漏洞：连接 [...]

By: film izle

film izle — Tue, 28 Sep 2010 14:18:33 +0000

thanks you , All are nice t-shirts the color combination is good.

By: new era hats

new era hats — Mon, 20 Sep 2010 01:14:04 +0000

Hi,verybody,I will come again.

By: Anonymous

Anonymous — Mon, 06 Sep 2010 20:17:45 +0000

if ($request_filename ~* (.*)\\.php) {
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}

blog:blog.sina.com.cn/harleychen

By: Trail's Blog » Nginx(PHP/fastcgi)的PATH_INFO问题

Trail's Blog » Nginx(PHP/fastcgi)的PATH_INFO问题 — Fri, 06 Aug 2010 06:52:29 +0000

[...] 最近发现的一个安全漏洞(Nginx + PHP CGI的一个可能的安全漏洞)和这个配置有关系, 请大家务必在使用第二种配置的时候,关闭cgi.fix_pathinfo. [...]

By: SerranoMaritza33

SerranoMaritza33 — Mon, 26 Jul 2010 22:23:06 +0000

Following my own exploration, thousands of persons on our planet receive the personal loans from good banks. Therefore, there's great possibilities to receive a car loan in all countries.

By: nginx文件类型错误解析漏洞 | 会跳舞的鞋子

nginx文件类型错误解析漏洞 | 会跳舞的鞋子 — Fri, 23 Jul 2010 07:29:40 +0000

[...] 鸣谢laruence大牛在分析过程中给的帮助这篇日志发表于 Jul 22nd, 2010 08:31 于分类 [...]

Comments on: Nginx + PHP CGI的一个可能的安全漏洞

By: Nginx(PHP/fastcgi)的PATH_INFO问题 » ijser

By: Anonymous

By: nginx php fpm紧急漏洞修复！cgi.fix_pathinfo – www.ncun123.com博客

By: PATH_INFO是一个CGI 1.1的标准，经常用来做为传参载体. – www.ncun123.com博客

By: nginx文件类型错误解析漏洞 | 一沙一世界 一花一天堂

By: Penetration Testing Lab › Nginx Security Law

By: nginx文件类型错误解析漏洞 | Seczone

By: Wiki

By: DADSA

By: hosting

By: 搜索引擎优化

By: Wholesale Caps

By: Cheap Hats

By: youstar » 80后爆nginx 0day漏洞,测试可行~

By: film izle

By: new era hats

By: Anonymous

By: Trail's Blog » Nginx(PHP/fastcgi)的PATH_INFO问题

By: SerranoMaritza33

By: nginx文件类型错误解析漏洞 | 会跳舞的鞋子

By: nginx文件类型错误解析漏洞 | 一沙一世界一花一天堂