[导读] 这是网站注入点...漏洞证明:读取敏感文件,一个一个的读,慢死我了修复方案:终于有发现了:loveyou.cfgContent is : server{listen 80;server_name bbs.travel.ifeng.com bbsfile.travel.ifeng.com;ssi ......
这是网站注入点... 漏洞证明: 读取敏感文件,一个一个的读,慢死我了 修复方案: 终于有发现了:loveyou.cfg Content is :
# loveyou.cfg as dumped in the report, reflowed one directive per line for reading.
# Every directive token is unchanged; only the line breaks and these English "#" notes are new.
# NOTE(review): log_format is documented as an http-context directive, yet as dumped it sits
# inside server{} in every vhost, which "nginx -t" would reject — the dump was probably
# reflowed from an http-level include, or edited before posting. Treat line structure as approximate.
server {
    listen 80;
    server_name bbs.travel.ifeng.com bbsfile.travel.ifeng.com;
    # SSI is on for the whole vhost; the deny rules below cover only .php/.php5, so it must be
    # confirmed that user-writable paths (attachments, forumdata) cannot serve .shtml/.html.
    ssi on;
    client_max_body_size 4m;
    index index.shtml index.html index.php;
    root /data/ifengsite/htdocs/bbs;
    # Rejects script names shaped like "x.ext/anything.php" before FPM sees them (the usual
    # PHP path-info guard). This is the only vhost in the dump that carries it.
    if ( $fastcgi_script_name ~ \..*\/.*php ) { return 403; }
    # No PHP execution out of data/template directories.
    location ~ ^/(admin|include|attachments|templates|forumdata)/.*\.(php|php5)$ { deny all; }
    # Forum admin panel: reachable only from the listed source ranges (plus localhost).
    location ~ .*admincp\.(php|php5)?$ {
        allow 220.181.67.0/24;
        allow 220.181.48.0/24;
        allow 210.51.19.0/24;
        allow 210.51.18.0/24;
        allow 211.151.61.0/24;
        allow 210.51.19.11;
        allow 127.0.0.1;
        deny all;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    # Every other PHP script is passed to FPM without source restriction.
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    error_page 404 /404.html;
    # "50x.html" has no leading "/" while the handler below is "location = /50x.html" — verify it resolves as intended.
    error_page 500 502 503 504 50x.html;
    location = /50x.html { root /data/ifengsite/htdocs; }
    # Hotlink protection: images/css are served only with no, blocked, or ifeng/phoenixtv referer.
    location ~ .*\.(gif|jpg|png|bmp|jpeg|ico|tif|css)$ {
        expires 60m;
        valid_referers none blocked *.ifeng.com *.phoenixtv.com ;
        if ($invalid_referer) { return 403; }
    }
    location ~ .*\.(mpeg|mpg|mov|asf|wmv|wma|mp3|rm|rmvb|swf)$ { expires 120m; }
    location ~ .*\.(shtml|htm|html|js)$ { expires 10m; }
    log_format accessbbs '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" ';
    access_log /data/logs/nginx/bbs_access.log accessbbs;
    # Pretty-URL rewrites for the forum scripts.
    rewrite ^(.*)/archiver/((fid|tid)-[\w\-]+\.html)$ $1/archiver/index.php?$2 last;
    rewrite ^(.*)/forum-([0-9]+)-([0-9]+)\.html$ $1/forumdisplay.php?fid=$2&page=$3 last;
    rewrite ^(.*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/viewthread.php?tid=$2&extra=page%3D$4&page=$3 last;
    rewrite ^(.*)/tag-(.+)\.html$ $1/tag.php?name=$2 last;
}
# app vhost: PHP under cache/upload/templates_c is denied, but there is no path-info guard
# like the bbs vhost's "if" and no source allow list.
server {
    listen 80;
    server_name app.travel.ifeng.com app.travel.fashion.ifeng.com;
    ssi on;
    index index.html index.php;
    root /data/ifengsite/htdocs/app;
    location ~ ^/(cache|upload|templates_c)/.*\.(php|php5)$ { deny all; }
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 50x.html;
    location = /50x.html { root /data/ifengsite/htdocs; }
    location ~ .*\.(gif|jpg|png|bmp|jpeg|ico|tif|css)$ {
        expires 60m;
        valid_referers none blocked *.ifeng.com *.phoenixtv.com ;
        if ($invalid_referer) { return 403; }
    }
    location ~ .*\.(mpeg|mpg|mov|asf|wmv|wma|mp3|rm|rmvb|swf)$ { expires 120m; }
    location ~ .*\.(shtml|htm|html|js)$ { expires 10m; }
    log_format accessapp '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" ';
    access_log /data/logs/nginx/app_access.log accessapp;
    rewrite ^/scenery_comment_(\d+)$ /scenery_comment.php?scenery=$1 last;
    rewrite ^/scenery_(.*)$ /scenery.php?scenery_$1 last;
    rewrite ^/tools/((?!index.php|images|js|style).*)$ /tools/index.php?$1 last;
    rewrite ^/city_detail_(\d+)$ /city_detail.php?id=$1 last;
    rewrite ^/city_intro_(\d+)$ /city_intro.php?id=$1 last;
    rewrite ^/city_image_(\d+)$ /city_image.php?id=$1 last;
    rewrite ^/city_comment_(\d+)$ /city_comment.php?city=$1 last;
    rewrite ^/city_blog_(\d+)$ /city_blog.php?city=$1 last;
    rewrite ^/city_news_(\d+)$ /city_news.php?city=$1 last;
    rewrite ^/line_list_(\d+)$ /line_list.php?to_city_id2=$1 last;
    rewrite ^/line_detail_(\d+)$ /line_detail.php?id=$1 last;
    rewrite ^/map_(\w+)_(\d+)$ /map.php?$1=$2 last;
    rewrite ^/continent_(\d+)$ /continent.php?id=$1 last;
    rewrite ^/country_(\d+)$ /country.php?id=$1 last;
    rewrite ^/province_(\d+)$ /province.php?id=$1 last;
    # Identical to the map_ rewrite above; redundant.
    rewrite ^/map_(\w+)_(\d+)$ /map.php?$1=$2 last;
}
# admin vhost: every PHP script is gated by the source allow list before reaching FPM.
server {
    listen 80;
    server_name admin.travel.ifeng.com;
    ssi on;
    index index.html index.php;
    root /data/ifengsite/htdocs/admin;
    location ~ .*\.(php|php5)?$ {
        allow 220.181.67.0/24;
        allow 210.51.19.0/24;
        allow 210.51.18.0/24;
        allow 211.151.61.0/24;
        allow 210.51.19.11;
        deny all;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    # NOTE(review): a second location with the identical regex. nginx tests regex locations in
    # order of appearance, so the block above takes every match and this one looks like an inert
    # leftover; the extent of the "#location" comment inside it is reconstructed from the
    # collapsed dump. Confirm it is dead and remove it.
    location ~ .*\.(php|php5)?$ {
        #location ~ .*\.(php|php5)?$ {
        allow 220.181.67.0/24;
        allow 210.51.19.0/24;
        allow 210.51.18.0/24;
        allow 211.151.61.0/24;
        allow 210.51.19.11;
        deny all;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 50x.html;
    location = /50x.html { root /data/ifengsite/htdocs; }
    location ~ .*\.(gif|jpg|png|bmp|jpeg|ico|tif|css)$ {
        expires 60m;
        valid_referers none blocked *.ifeng.com *.phoenixtv.com ;
        if ($invalid_referer) { return 403; }
    }
    location ~ .*\.(mpeg|mpg|mov|asf|wmv|wma|mp3|rm|rmvb|swf)$ { expires 120m; }
    location ~ .*\.(shtml|htm|html|js)$ { expires 10m; }
    log_format accessadmin '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" ';
    access_log /data/logs/nginx/admin_app_access.log accessadmin;
}
# mysql vhost: unlike the admin vhost, any .php here is passed to FPM with no allow/deny
# restriction and no path-info guard — the same source allow list would be the obvious hardening.
server {
    listen 80;
    server_name mysql.travel.ifeng.com;
    ssi on;
    index index.html index.php;
    root /data/ifengsite/htdocs/mysql;
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 50x.html;
    location = /50x.html { root /data/ifengsite/htdocs; }
    location ~ .*\.(gif|jpg|png|bmp|jpeg|ico|tif|css)$ {
        expires 60m;
        valid_referers none blocked *.ifeng.com *.phoenixtv.com ;
        if ($invalid_referer) { return 403; }
    }
    location ~ .*\.(mpeg|mpg|mov|asf|wmv|wma|mp3|rm|rmvb|swf)$ { expires 120m; }
    location ~ .*\.(shtml|htm|html|js)$ { expires 10m; }
    log_format accessmysql '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" ';
    access_log /data/logs/nginx/mysql_access.log accessmysql;
}
还有一个:tech.conf
# tech.conf as dumped in the report, reflowed the same way. Like the app/mysql vhosts it has
# the directory deny rules but not the bbs vhost's path-info "if" guard.
server {
    listen 80;
    server_name bbs.tech.ifeng.com;
    ssi on;
    index index.shtml index.html index.php;
    root /data/ifengsite/htdocs/tech_bbs;
    location ~ ^/(admin|attachments|templates|forumdata)/.*\.(php|php5)$ { deny all; }
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 50x.html;
    location = /50x.html { root /data/ifengsite/htdocs; }
    location ~ .*\.(gif|jpg|png|bmp|jpeg|ico|tif|css)$ {
        expires 60m;
        valid_referers none blocked *.ifeng.com *.phoenixtv.com ;
        if ($invalid_referer) { return 403; }
    }
    location ~ .*\.(mpeg|mpg|mov|asf|wmv|wma|mp3|rm|rmvb|swf)$ { expires 120m; }
    location ~ .*\.(shtml|htm|html|js)$ { expires 10m; }
    log_format accesstechbbs '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" ';
    # Defines "accesstechbbs" but logs with "accessbbs" (the format from loveyou.cfg) — a naming
    # mismatch that only works while that other file is loaded first.
    access_log /data/logs/nginx/tech_bbs_access.log accessbbs;
}
呵呵路径和网站配置出来了,读取网站文件 打完收工..... 作者 疯狂 |