[madness85]

ive just been reading about this http://www.vbulletin.com/forum/foru....xecuted-as-php

am i right saying if i add somefilename.php at the end of my avy i should get a 404 because it just loads the avy again. Is my server vulnerable?

I'm not even sure what info to provide for you guys to help me tbh but NGINX.config looks like this

#user nginx;
worker_processes 1;

#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

#pid /var/run/nginx.pid;


events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;

#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";

server_tokens off;

include /etc/nginx/conf.d/*.conf;
}

[Dave]

The configuration you posted doesn't contain the information we need.
The configuration files are stored at /etc/nginx/conf.d/*.conf.

[madness85]

Originally Posted by Dave

The configuration you posted doesn't contain the information we need.
The configuration files are stored at /etc/nginx/conf.d/*.conf.

hi dave i only have one file in that location zz010_psa_nginx.conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmail.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;

[Dave]

I guess we need to see the contents of the file /etc/nginx/plesk.conf.d/server.conf.
Just find the file which contains the PHP fastcgi configuration.

[madness85]

Originally Posted by Dave

I guess we need to see the contents of the file /etc/nginx/plesk.conf.d/server.conf.
Just find the file which contains the PHP fastcgi configuration.

think ive found it /etc/httpd/conf.d btw thanks for your help its very much appreciated

# This is the Apache server configuration file for providing FastCGI support
# via mod_fcgid
#
# Documentation is available at http://fastcgi.coremail.cn/doc.htm

LoadModule fcgid_module modules/mod_fcgid.so

<IfModule mod_fcgid.c>

<IfModule !mod_fastcgi.c>
AddHandler fcgid-script fcg fcgi fpl
</IfModule>

FcgidIPCDir /var/run/mod_fcgid/sock
FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm

FcgidIdleTimeout 40
FcgidProcessLifeTime 30
FcgidMaxProcesses 20
FcgidMaxProcessesPerClass 8
FcgidMinProcessesPerClass 0
FcgidConnectTimeout 30
FcgidIOTimeout 45
FcgidInitialEnv RAILS_ENV production
FcgidIdleScanInterval 10

</IfModule>

[Dave]

That part also does not show the PHP configuration we need to see.