1.2 KiB
1.2 KiB
Nginx
Alias LFI Misconfiguration
Inside the Nginx configuration look the "location" statements, if someone looks like:
location /imgs {
alias /path/images/
}
There is a LFI vulnerability because:
/imgs../flag.txt
Transforms to:
/path/images/../flag.txt
The correct configuration will be:
location /imgs/ {
alias /path/images/
}
So, if you find some Nginx server you should check for this vulnerability. Also, you can discover it if you find that the files/directories brute force is behaving weird.
More info: https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/
Accunetix tests:
alias../ => HTTP status code 403
alias.../ => HTTP status code 404
alias../../ => HTTP status code 403
alias../../../../../../../../../../../ => HTTP status code 400
alias../ => HTTP status code 403
Static Analyzer tools
GIXY
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.