浏览模式: 标准 | 列表Tag:ngnix

Ngnix空子节可远程执行代码漏洞

Submitted by admin
2011, August 26, 8:25 AM

摘自微博:
Ngnix 出现高危漏洞,可远程执行代码:Ngnix在遇到%00空字节时与后端FastCGI处理不一致,导致可以在图片中嵌入PHP代码然后通过访问 xxx.jpg%00.php来执行其中的代码。影响版本:0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37。www.t00ls.net, S% v1 o$ M  i
Security1 M" v2 A) v7 S+ K$ M

 R, W
详细参考:
https://nealpoole.com/blog/2011/07/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/

 

Tags: ngnix

oday收藏 | 评论:0 | Trackbacks:0 | 阅读:14925