Nginx Server Misconfiguration Vulnerability - Images executed as PHP
 

Nginx is an popular open source Web server with a strong focus on high concurrency, performance and low memory usage. Many forums use Nginix as their server software.

There is a old nginx server misconfiguration vulnerability that allows attackers to upload PHP backdoor scripts onto the sites server. Since this is not a problem with nginx but rather in the way the server is configured this has not been patched in software updates. This misconfiguration is therefore still being used by hackers to hack forums.

The attack possible by a very simple misconfiguration between nginx and php-fastcgi which can allow non-PHP files to be executed as PHP files.

To exploit the vulnerability, typically the attacker will register as a member on the forums and then upload an image either as an avatar, profile picture, signature etc. The image will have the extension of JPG, GIF or PNG. However besides the image data the image also contains PHP code.

Supposing the attacker loads a gif avatar with the URL http://www.forum.com/forums/customavatars/avatar70.gif he will then browse to the url and add somefilename.php to the end like this HTML Code:
http://www.forum.com/forums/customav...mefilename.php
and execute the gif image as php.

Nginix users are therefore advised to check their server configuration to guard against this vulnerability. More details about this and suggested measures can be had over here https://nealpoole.com/blog/2011/04/s...configuration/