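In the php.ini used when PHP runs in CGI mode, the commented-out directive cgi.fix_pathinfo = 0 gets very little attention. If your platform is built on nginx, be sure to enable this directive, and stay highly alert to the security vulnerability.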
cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.
PHP's previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to
not grok what PATH_INFO is. For more information on PATH_INFO, see the cgi
specs. Setting this to 1 will cause PHP CGI to fix it's paths to conform to
the spec. A setting of zero causes PHP to behave as before. Default is 1. You
should fix your scripts to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
cgi.fix_pathinfo=0
nginx file type misparsing vulnerability, simple fix (cgi.fix_pathinfo=0)
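To check whether the directive is really in effect rather than still commented out, the following added example (not code from the original post or from PHP) computes the effective cgi.fix_pathinfo value from the text of a php.ini. The function names and sample fragments are constructed for illustration. It assumes a single php.ini with no per-section overrides or additional scanned .ini files.

```python
import re

# Constructed php.ini fragments for the demonstration (not from a real server).
SAMPLE_COMMENTED = """[PHP]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.
;cgi.fix_pathinfo=0
"""
SAMPLE_HARDENED = """[PHP]
cgi.fix_pathinfo = 0
"""
SAMPLE_OVERRIDDEN = """cgi.fix_pathinfo=0
cgi.fix_pathinfo = 1 ; re-enabled further down the file
"""

# Active assignment; the value stops at whitespace or an inline ';' comment.
DIRECTIVE = re.compile(r"^\s*cgi\.fix_pathinfo\s*=\s*([^;\s]*)")


def effective_fix_pathinfo(ini_text, default="1"):
    """Value PHP ends up with: lines starting with ';' are comments, the last
    active assignment wins, and a missing directive falls back to the default
    of 1 stated in the php.ini comment."""
    value = default
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        match = DIRECTIVE.match(line)
        if match:
            value = match.group(1).strip("\"'")
    return value


def audit(ini_text):
    """Pass only when the effective value is the literal 0 the page recommends;
    any other spelling is reported for manual review."""
    value = effective_fix_pathinfo(ini_text)
    return {"value": value, "ok": value == "0"}


if __name__ == "__main__":
    for name, text in [("commented", SAMPLE_COMMENTED),
                       ("hardened", SAMPLE_HARDENED),
                       ("overridden", SAMPLE_OVERRIDDEN)]:
        print(name, audit(text))
```

A commented-out `;cgi.fix_pathinfo=0` line is reported as value 1, which is the case the post warns about.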