https://www.vbulletin.org/forum/showthread.php?t=315028

NGINX with fastcgi
by madness85
23 Oct 2014 14:12

I've just been reading about this http://www.vbulletin.com/forum/foru....xecuted-as-php

Am I right saying if I add somefilename.php at the end of my avy I should get a 404 because it just loads the avy again. Is my server vulnerable?

I'm not even sure what info to provide for you guys to help me tbh, but NGINX.config looks like this:

#user nginx;
worker_processes 1;

#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

#pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;
    #tcp_nodelay on;

    #gzip on;
    #gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    server_tokens off;

    include /etc/nginx/conf.d/*.conf;
}

Dave 23 Oct 2014 14:47

The configuration you posted doesn't contain the information we need.
The configuration files are stored at /etc/nginx/conf.d/*.conf.

madness85 23 Oct 2014 16:05

Quote:

Originally Posted by Dave (Post 2519856)
The configuration you posted doesn't contain the information we need.
The configuration files are stored at /etc/nginx/conf.d/*.conf.

Hi Dave, I only have one file in that location: zz010_psa_nginx.conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmail.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;

Dave 23 Oct 2014 16:10

I guess we need to see the contents of the file /etc/nginx/plesk.conf.d/server.conf.
Just find the file which contains the PHP fastcgi configuration.

madness85 23 Oct 2014 17:59

Quote:

Originally Posted by Dave (Post 2519863)
I guess we need to see the contents of the file /etc/nginx/plesk.conf.d/server.conf.
Just find the file which contains the PHP fastcgi configuration.

Think I've found it: /etc/httpd/conf.d. BTW, thanks for your help, it's very much appreciated.

# This is the Apache server configuration file for providing FastCGI support
# via mod_fcgid
#
# Documentation is available at http://fastcgi.coremail.cn/doc.htm

LoadModule fcgid_module modules/mod_fcgid.so

<IfModule mod_fcgid.c>

    <IfModule !mod_fastcgi.c>
        AddHandler fcgid-script fcg fcgi fpl
    </IfModule>

    FcgidIPCDir /var/run/mod_fcgid/sock
    FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm

    FcgidIdleTimeout 40
    FcgidProcessLifeTime 30
    FcgidMaxProcesses 20
    FcgidMaxProcessesPerClass 8
    FcgidMinProcessesPerClass 0
    FcgidConnectTimeout 30
    FcgidIOTimeout 45
    FcgidInitialEnv RAILS_ENV production
    FcgidIdleScanInterval 10

</IfModule>

Dave 24 Oct 2014 08:33

That part also does not show the PHP configuration we need to see.
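
Added example, not part of the thread and not code from any poster: one way to find the file Dave is asking for, by following nginx `include` lines from the main config and listing every `location` block that contains `fastcgi_pass`, with a heuristic flag for whether the block checks that the requested script exists (`try_files ... =404` or an `if (!-f ...)` test). The function names and the guard heuristic are assumptions of this example, and comment stripping is naive (a `#` inside a quoted string is treated as a comment).

```python
import glob
import os
import re
import sys

INCLUDE = re.compile(r'^\s*include\s+([^;]+);', re.M)
LOCATION = re.compile(r'\blocation\s+([^{;]+)\{')
# Heuristic (assumption): either pattern means the block checks the file exists.
GUARD = re.compile(r'try_files[^;]*=404|if\s*\(\s*!\s*-f')

def read_config(path):
    """Read a config file and drop '#' comments so disabled lines are ignored."""
    with open(path, errors="replace") as fh:
        return re.sub(r'#[^\n]*', '', fh.read())

def config_files(main, path=None, seen=None):
    """Return `main` plus every file reachable from it through include lines."""
    seen = [] if seen is None else seen
    path = os.path.abspath(path or main)
    if path in seen or not os.path.isfile(path):
        return seen
    seen.append(path)
    base = os.path.dirname(os.path.abspath(main))
    for pattern in INCLUDE.findall(read_config(path)):
        # Relative includes are resolved against the main config's directory.
        for child in sorted(glob.glob(os.path.join(base, pattern.strip()))):
            config_files(main, child, seen)
    return seen

def block_body(text, start):
    """Return the text from `start` up to the brace that closes the block."""
    depth = 1
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]

def php_handlers(main):
    """List (file, location, guarded) for each location block using fastcgi_pass."""
    found = []
    for path in config_files(main):
        text = read_config(path)
        for m in LOCATION.finditer(text):
            body = block_body(text, m.end())
            if 'fastcgi_pass' in body:
                found.append((path, m.group(1).strip(), bool(GUARD.search(body))))
    return found

if __name__ == "__main__":
    main_conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/nginx/nginx.conf"
    for path, loc, guarded in php_handlers(main_conf):
        print(f"{path}: location {loc}: existence check {'present' if guarded else 'MISSING'}")
```

An empty result means no included nginx file passes requests to FastCGI, in which case PHP is being handled somewhere other than the nginx configuration.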

