Nginx

Alias LFI Misconfiguration

Inside the Nginx configuration look the "location" statements, if someone looks like:

location /imgs { 
    alias /path/images/ 
}

There is a LFI vulnerability because:

/imgs../flag.txt

Transforms to:

/path/images/../flag.txt

The correct configuration will be:

location /imgs/ { 
    alias /path/images/ 
}

So, if you find some Nginx server you should check for this vulnerability. Also, you can discover it if you find that the files/directories brute force is behaving weird.

More info: https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/

Accunetix tests:

alias../ => HTTP status code 403
alias.../ => HTTP status code 404
alias../../ => HTTP status code 403
alias../../../../../../../../../../../ => HTTP status code 400
alias../ => HTTP status code 403

Static Analyzer tools

GIXY

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

上一页Joomla 下一页PHP Tricks (SPA)

最后更新于5年前

hashtagAlias LFI Misconfiguration

hashtagStatic Analyzer tools

hashtagGIXYarrow-up-right

Alias LFI Misconfiguration

Static Analyzer tools

GIXY