Nginx

Alias LFI Misconfiguration

Inside the Nginx configuration look the "location" statements, if someone looks like:

location /imgs { 
    alias /path/images/ 
}

There is a LFI vulnerability because:

/imgs../flag.txt

Transforms to:

/path/images/../flag.txt

The correct configuration will be:

location /imgs/ { 
    alias /path/images/ 
}

So, if you find some Nginx server you should check for this vulnerability. Also, you can discover it if you find that the files/directories brute force is behaving weird.

More info: https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/

Accunetix tests:

alias../ => HTTP status code 403
alias.../ => HTTP status code 404
alias../../ => HTTP status code 403
alias../../../../../../../../../../../ => HTTP status code 400
alias../ => HTTP status code 403

Static Analyzer tools

GIXY

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

1.2 KiB Raw Blame History

Nginx

Alias LFI Misconfiguration

Static Analyzer tools

GIXY

1.2 KiB

Raw Blame History