4.15.3. Nginx

4.15.3.1. Fast-CGI off

When Fast-CGI is turned off, Nginx still has a parsing vulnerability: appending %00.php to the file path (xx.jpg) causes xx.jpg%00.php to be parsed as a PHP file.

4.15.3.2. Fast-CGI enabled

When Fast-CGI is turned on, appending /xx.php to the file path (xx.jpg) causes xx.jpg/xx.php to be parsed as a PHP file.

4.15.3.3. CVE-2013-4547

a.jpg\x20\x00.php

4.15.3.4. Misconfiguration

4.15.3.4.1. Directory Traversal

If the configuration contains a directive similar to location /foo { alias /bar/; }, a request path can be resolved to /bar/../, which causes directory traversal.

4.15.3.4.2. Directory Traversal

When autoindex on is enabled in the configuration, Nginx has a directory traversal vulnerability.
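
A configuration check for the two misconfigurations in 4.15.3.4.1 and 4.15.3.4.2, as an added example that is not part of the original page: it flags prefix locations whose path lacks a trailing slash while the alias target has one, and any autoindex on directive. The sample configuration is constructed, the function name audit is hypothetical, and location blocks are assumed to contain no nested braces.

```python
import re

# Assumption: location blocks are flat (no nested braces inside them).
LOCATION_RE = re.compile(
    r"location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"\balias\s+([^;]+);")
AUTOINDEX_RE = re.compile(r"\bautoindex\s+on\s*;")

# Constructed sample configuration; the first location is the page's example.
SAMPLE_CONF = """
server {
    listen 80;
    location /foo { alias /bar/; }
    location /assets/ { alias /srv/assets/; }
    location /files/ {
        root /srv;
        autoindex on;
    }
    # autoindex on;
}
"""


def audit(conf):
    """Return (finding, where) tuples for the two misconfigurations."""
    # Remove comments but keep newlines so line numbers stay correct.
    clean = re.sub(r"#[^\n]*", "", conf)
    findings = []
    for modifier, prefix, body in LOCATION_RE.findall(clean):
        alias = ALIAS_RE.search(body)
        # Only prefix locations ("" or "^~") are checked: the prefix has no
        # trailing slash while the alias target has one.
        if (alias and modifier in ("", "^~")
                and not prefix.endswith("/")
                and alias.group(1).strip().endswith("/")):
            findings.append(("alias-traversal", prefix))
    for match in AUTOINDEX_RE.finditer(clean):
        line = clean.count("\n", 0, match.start()) + 1
        findings.append(("autoindex-on", "line %d" % line))
    return findings


if __name__ == "__main__":
    for finding, where in audit(SAMPLE_CONF):
        print(finding, where)
```

Writing the location as /foo/ so that it ends with the same trailing slash as the alias target clears the first finding.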