MySQL Infobright 数据仓库快速安装笔记[原创]
快速跳转到Google SSL 中文版的网址:ggssl.com [此文被墙,无法浏览]
2010-5-21 18:46 | by
[文章作者:张宴 本文版本:v1.2 最后修改:2010.05.24 转载请注明原文链接:http://blog.zyan.cc/nginx_0day/]
注:2010年5月23日14:00前阅读本文的朋友,请按目前v1.1版本的最新配置进行设置。
昨日,80Sec 爆出Nginx具有严重的0day漏洞,详见《Nginx文件类型错误解析漏洞》。只要用户拥有上传图片权限的Nginx+PHP服务器,就有被入侵的可能。
其实此漏洞并不是Nginx的漏洞,而是PHP PATH_INFO的漏洞,详见:http://bugs.php.net/bug.php?id=50852&edit=1
例如用户上传了一张照片,访问地址为http://www.domain.com/images/test.jpg,而test.jpg文件内的内容实际上是PHP代码时,通过http://www.domain.com/images/test.jpg/abc.php就能够执行该文件内的PHP代码。
网上提供的临时解决方法有:
方法①、修改php.ini,设置cgi.fix_pathinfo = 0;然后重启php-cgi。此修改会影响到使用PATH_INFO伪静态的应用,例如我以前博文的URL:http://blog.zyan.cc/read.php/348.htm 就不能访问了。
方法②、在nginx的配置文件添加如下内容后重启:if ( $fastcgi_script_name ~ \..*\/.*php ) {return 403;}。该匹配会影响类似 http://www.domain.com/software/5.0/test.php(5.0为目录),http://www.domain.com/goto.php/phpwind 的URL访问。
方法③、对于存储图片的location{...},或虚拟主机server{...},只允许纯静态访问,不配置PHP访问。例如在金山逍遥网论坛、SNS上传的图片、附件,会传送到专门的图片、附件存储服务器集群上(pic.xoyo.com),这组服务器提供纯静态服务,无任何动态PHP配置。各大网站几乎全部进行了图片服务器分离,因此Nginx的此次漏洞对大型网站影响不大。
本人再提供一种修改nginx.conf配置文件的临时解决方法,兼容“http://blog.zyan.cc/demo/0day/phpinfo.php/test”的PATH_INFO伪静态,拒绝“http://blog.zyan.cc/demo/0day/phpinfo.jpg/test.php”的漏洞攻击:
也可将以下内容写在fcgi.conf文件中,便于多个虚拟主机引用:
附:文章修改历史
● [2010年05月21日] [Version 1.0] 新建
● [2010年05月23日] [Version 1.1] 针对网友michael提出的“如果构造一个形如/..trojan.jpg/dummy.php/?abcd=1,似乎可以绕过防范的nginx配置”,进行了配置修改,防范了此类情况发生。提供测试的URL如下,拒绝漏洞访问:
http://blog.zyan.cc/demo/0day/phpinfo.jpg (里面是PHP代码)
http://blog.zyan.cc/demo/0day/phpinfo.jpg/.php
http://blog.zyan.cc/demo/0day/phpinfo.jpg/dummy.php
http://blog.zyan.cc/demo/0day/phpinfo.jpg/dummy.php/?abcd=1
同时兼容正常的PATH_INFO伪静态请求,测试URL如下:
http://blog.zyan.cc/demo/0day/phpinfo.php (这是正常的PHP文件)
http://blog.zyan.cc/demo/0day/phpinfo.php/test
http://blog.zyan.cc/demo/0day/phpinfo.php/news123.html
http://blog.zyan.cc/read.php/348.htm
● [2010年05月24日] [Version 1.2] 修正文字描述错误。
注:2010年5月23日14:00前阅读本文的朋友,请按目前v1.1版本的最新配置进行设置。
昨日,80Sec 爆出Nginx具有严重的0day漏洞,详见《Nginx文件类型错误解析漏洞》。只要用户拥有上传图片权限的Nginx+PHP服务器,就有被入侵的可能。
其实此漏洞并不是Nginx的漏洞,而是PHP PATH_INFO的漏洞,详见:http://bugs.php.net/bug.php?id=50852&edit=1
例如用户上传了一张照片,访问地址为http://www.domain.com/images/test.jpg,而test.jpg文件内的内容实际上是PHP代码时,通过http://www.domain.com/images/test.jpg/abc.php就能够执行该文件内的PHP代码。
网上提供的临时解决方法有:
方法①、修改php.ini,设置cgi.fix_pathinfo = 0;然后重启php-cgi。此修改会影响到使用PATH_INFO伪静态的应用,例如我以前博文的URL:http://blog.zyan.cc/read.php/348.htm 就不能访问了。
方法②、在nginx的配置文件添加如下内容后重启:if ( $fastcgi_script_name ~ \..*\/.*php ) {return 403;}。该匹配会影响类似 http://www.domain.com/software/5.0/test.php(5.0为目录),http://www.domain.com/goto.php/phpwind 的URL访问。
方法③、对于存储图片的location{...},或虚拟主机server{...},只允许纯静态访问,不配置PHP访问。例如在金山逍遥网论坛、SNS上传的图片、附件,会传送到专门的图片、附件存储服务器集群上(pic.xoyo.com),这组服务器提供纯静态服务,无任何动态PHP配置。各大网站几乎全部进行了图片服务器分离,因此Nginx的此次漏洞对大型网站影响不大。
本人再提供一种修改nginx.conf配置文件的临时解决方法,兼容“http://blog.zyan.cc/demo/0day/phpinfo.php/test”的PATH_INFO伪静态,拒绝“http://blog.zyan.cc/demo/0day/phpinfo.jpg/test.php”的漏洞攻击:
location ~* .*\.php($|/)
{
if ($request_filename ~* (.*)\.php) {
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}
{
if ($request_filename ~* (.*)\.php) {
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}
也可将以下内容写在fcgi.conf文件中,便于多个虚拟主机引用:
if ($request_filename ~* (.*)\.php) {
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $uri;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $uri;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
附:文章修改历史
● [2010年05月21日] [Version 1.0] 新建
● [2010年05月23日] [Version 1.1] 针对网友michael提出的“如果构造一个形如/..trojan.jpg/dummy.php/?abcd=1,似乎可以绕过防范的nginx配置”,进行了配置修改,防范了此类情况发生。提供测试的URL如下,拒绝漏洞访问:
http://blog.zyan.cc/demo/0day/phpinfo.jpg (里面是PHP代码)
http://blog.zyan.cc/demo/0day/phpinfo.jpg/.php
http://blog.zyan.cc/demo/0day/phpinfo.jpg/dummy.php
http://blog.zyan.cc/demo/0day/phpinfo.jpg/dummy.php/?abcd=1
同时兼容正常的PATH_INFO伪静态请求,测试URL如下:
http://blog.zyan.cc/demo/0day/phpinfo.php (这是正常的PHP文件)
http://blog.zyan.cc/demo/0day/phpinfo.php/test
http://blog.zyan.cc/demo/0day/phpinfo.php/news123.html
http://blog.zyan.cc/read.php/348.htm
● [2010年05月24日] [Version 1.2] 修正文字描述错误。
온라인카지노 
2025-6-24 10:54
도박꾼 | 온라인 슬롯사이트, 먹튀검증, 카지노 커뮤니티 온라인슬롯, 슬롯사이트, 먹튀검증, 온라인카지노, 토토사이트, 카지노 커뮤니티, 슬롯커뮤니티, 무료슬롯체험, 온라인바카라, 에볼루션카지노, 프라그마틱슬롯 온라인카지노 https://kkuns.com
온라인카지노
2025-6-24 10:56
도박꾼 | 온라인 슬롯사이트, 먹튀검증, 카지노 커뮤니티 온라인슬롯, 슬롯사이트, 먹튀검증, 온라인카지노, 토토사이트, 카지노 커뮤니티, 슬롯커뮤니티, 무료슬롯체험, 온라인바카라, 에볼루션카지노, 프라그마틱슬롯 온라인카지노 https://kkuns.com
dfdsfds
2025-6-25 16:09
Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks krt carts
sdfdsfds
2025-6-28 21:35
I am definitely enjoying your website. You definitely have some great insight and great stories. sleutel binnen vergeten
카지노p:/
2025-6-29 15:15
도박꾼 | 온라인 슬롯사이트, 먹?rking.com/st 온라인슬롯, 슬롯사이트, 먹튀검증, 온라인카지노, 토토사이트, 카지노 커뮤니티, 슬롯커뮤4%EB%B0%95%EA%BE%BC-%EC%98%A8%EB%9D% 카지노p:/ https://kkuns.com
DSFDSF
2025-6-29 16:05
I read that Post and got it fine and informative. Daman games
SDFDSF
2025-7-1 20:39
You there, this is really good post here. Thanks for taking the time to post such valuable information. Quality content is what always gets the visitors coming. SoundCloud Downloader
DSFSFD
2025-7-3 21:32
Excellent article. Very interesting to read. I really love to read such a nice article. Thanks! keep rocking. afgebroken sleutel eruit halen
슬롯 사이트
2025-7-4 15:00
I haven’t any word to appreciate this post.....Really i am impressed from this post....the person who create this post it was a great human..thanks for shared this with us. <a href="https://xn--bb0bo0gz8cfzm9zonug.net">슬롯 사이트</a> I haven’t any word to appreciate this post.....Really i am impressed from this post....the person who create this post it was a great human..thanks for shared this with us. 슬롯 사이트 슬롯 사이트 https://xn--bb0bo0gz8cfzm9zonug.net
웹툰사이트
2025-7-6 10:51
"해피툰은 다양한 무료 웹툰, 웹툰 미리보기 사이트, 웹툰 사이트 순위, 무료 웹툰 사이트를 제공하는 사이트입니다. 해피툰의 가장 빠른 주소로 안내해드리겠습니다. no1 무료 웹툰 사이트를 이용해보세요."/>https://shorturl.at/s2q9J
dasfdsfsd
2025-7-7 21:48
This blog is really great. The information here will surely be of some help to me. Thanks!. binary strategy
dfds
2025-7-9 17:27
La configuration IPTV Smarters Pro est simple et rapide, permettant aux utilisateurs de profiter facilement de leurs chaînes préférées. Après l’installation de l’application, il suffit d’ajouter une liste de lecture M3U ou un lien Xtream Codes fourni par le fournisseur IPTV. L’interface intuitive guide l’utilisateur dans la personnalisation des paramètres, comme le choix des langues, les favoris et le contrôle parental. Cette configuration optimisée garantit une expérience fluide et agréable, adaptée à tous les appareils compatibles, pour une télévision en direct sans souci Configuration IPTV Smarters Pro
sdfsfsd
2025-7-13 21:32
You there, this is really good post here. Thanks for taking the time to post such valuable information. Quality content is what always gets the visitors coming. olxtoto
sdfsfsd
2025-7-13 21:49
Excellent .. Amazing .. I’ll bookmark your blog and take the feeds also…I’m happy to find so many useful info here in the post, we need work out more techniques in this regard, thanks for sharing. سایت شرط بندی
온라인카지노
2025-7-14 11:24
도박꾼 | 온라인 슬롯사이트, 먹튀검증, 카지노 커뮤니티 온라인슬롯, 슬롯사이트, 먹튀검증, 온라인카지노, 토토사이트, 카지노 커뮤니티, 슬롯커뮤니티, 무료슬롯체험, 온라인바카라, 에볼루션카지노, 프라그마틱슬롯 온라인카지노 https://kkuns.com
分页: 10/10 
5 6 7 8 9 10 
5 6 7 8 9 10
