lnmp0.7
This article comes from a post by CAT, the moderator of the Global Hosting Forum: Jun Ge’s lnmp0.7 one-click installation package has a statement error in the installation script, which does not solve the PHP PATH_INFO vulnerability.
Solution: Download the php.ini file (/usr/local/php/etc/php.ini)
Search:

cgi.fix_pathinfo

Original code:

; cgi.fix_pathinfo=0

Exit the comment!
Alternatively, there is an easier way, log in via SSH and run the following code:

sed -i ‘s/; cgi.fix_pathinfo=0/cgi.fix_pathinfo=0/g’ /usr/local/php/etc/php.ini

Original address: http://www.hostloc.com/thread-60433-1-1.html
Vulnerability introduction: http://blog.s135.com/nginx_0day/
Reminder Friends who use the LNMP one-click installation package to build an environment, please hurry up to solve this problem!


Hong Kong/United States/Domestic High Speed ​​VPS

postid
22680

Leave a Reply