This write-up is useful for bug hunters, system administrators and web developers.
Summary
If you are using nginx as a web server in production or staging, you may have configured the alias directive in the wrong way. That leads to a path traversal attack, which means an attacker could gain access to sensitive files such as .git, source code files, config files, etc.
In this write-up we will learn how to configure the nginx alias directive correctly.
the default config file is /etc/nginx/nginx.conf
location /i {
    alias /data/w3/images/;
}
If the location prefix does not end with a directory separator (/), this incorrect alias configuration lets an attacker read files stored outside the target folder, for example via /i../app/config.py (nginx replaces the matched prefix /i with the alias, so the request maps to /data/w3/images/../app/config.py).
The correct configuration for this case is:
location /i/ {
    alias /data/w3/images/;
}
My Proof Of Concept
Remediation
Find all NGINX alias directives and make sure that the parent prefixed location ends with directory separator.
I also recommend using Gixy, a tool that analyzes nginx configuration and finds security issues such as this one.
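To illustrate the remediation step, here is an added example (not part of the original write-up, and not Gixy's code) that scans a constructed nginx config for alias directives whose parent prefix location lacks a trailing slash, and shows the filesystem path nginx would build for a request against the bad and the fixed block. The regular expressions assume simple, single-level location blocks as in the config above.

```python
import os
import re
from typing import List, Optional, Tuple

# Constructed sample config: the first block is the misconfiguration from the
# write-up, the second is the corrected version, the third uses root (no alias).
SAMPLE_CONF = """
server {
    location /i {
        alias /data/w3/images/;
    }
    location /i/ {
        alias /data/w3/images/;
    }
    location /static/ {
        root /var/www;
    }
}
"""

# Prefix locations (starting with "/") and their block body; regex locations
# ("~ ...") are skipped because the check below only applies to prefix matches.
LOCATION_RE = re.compile(r"location\s+(/[^\s{]*)\s*\{([^}]*)\}", re.S)
ALIAS_RE = re.compile(r"\balias\s+([^;]+);")


def find_alias_traversal(conf: str) -> List[Tuple[str, str]]:
    """Return (location, alias) pairs where the prefix does not end with '/'
    while the alias does: the off-by-slash pattern described in the write-up."""
    findings = []
    for loc, body in LOCATION_RE.findall(conf):
        match = ALIAS_RE.search(body)
        if match is None:
            continue
        alias = match.group(1).strip()
        if not loc.endswith("/") and alias.endswith("/"):
            findings.append((loc, alias))
    return findings


def map_request(location: str, alias: str, uri: str) -> Optional[str]:
    """Path nginx serves for a prefix location with alias: the matched prefix
    is replaced by the alias verbatim. Returns None when the prefix does not match."""
    if not uri.startswith(location):
        return None
    return os.path.normpath(alias + uri[len(location):])


if __name__ == "__main__":
    for loc, alias in find_alias_traversal(SAMPLE_CONF):
        print(f"vulnerable: location {loc} with alias {alias}")
        print("  /i../app/config.py ->", map_request(loc, alias, "/i../app/config.py"))
    print("fixed block:", map_request("/i/", "/data/w3/images/", "/i../app/config.py"))
```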
Rewarded 500 $