Ngnix空子节可远程执行代码漏洞

2011, August 26, 8:25 AM. oday收藏
Submitted by admin

摘自微博:
Ngnix 出现高危漏洞,可远程执行代码:Ngnix在遇到%00空字节时与后端FastCGI处理不一致,导致可以在图片中嵌入PHP代码然后通过访问 xxx.jpg%00.php来执行其中的代码。影响版本:0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37。www.t00ls.net, S% v1 o$ M  i
Security1 M" v2 A) v7 S+ K$ M

 R, W
详细参考:
https://nealpoole.com/blog/2011/07/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/

 

Tags: ngnix

« 上一篇 | 下一篇 »

Trackbacks
点击获得Trackback地址,Encode: UTF-8 点击获得Trackback地址,Encode: GB2312 or GBK 点击获得Trackback地址,Encode: BIG5
发表评论

评论内容 (必填):