Results 1 to 3 of 3

Thread: New vulnerability!! Warning

  1. #1

    Default New vulnerability!! Warning

    Not inside AIHS but with AIHS+PHP+NGINX.
    (my server had this vulnerability)

    Try on your server.

    Usage to check:
    1. upload image i have attached here to you server
    2. try to open it (ex: and then use prefix /.php) so the link become

    If phpinfo information opens - you have this vulnerability.

    Now how to fix it:
    1) add in php.ini

    2) or less adviced method add to nginx.conf

    location ~ \.php$ {
    if ( -f $request_filename ) {
    fastcgi_pass unix:/tmp/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param script_FILENAME /scripts$fastcgi_script_name;
    include fastcgi_params;
    Attached Images Attached Images

  2. #2


    hi xavior for aih nginx url rewrite You know what?

    and this problem?:

  3. #3


    Sorry cant see not displaying.


    Previous was about eb394cd11.gif/.php

    Now it's with eb394cd11.gif%00.php

    In fact /. is the same as %00

    I've just have been hacked for a second time...


Similar Threads

  1. Replies: 4
    Last Post: 07-13-2009, 02:29 PM
  2. [AIH v2.2] Warning: copy(upload/)
    By QATARSPEED in forum Troubleshooting And Problems
    Replies: 1
    Last Post: 05-10-2009, 09:10 PM
  3. Keep show me 500 internal server error!
    By toyou in forum Customer Reviews
    Replies: 6
    Last Post: 12-16-2008, 01:47 PM
  4. Warning by Uploading a File
    By sb in forum MFHS v1.1
    Replies: 1
    Last Post: 10-26-2006, 04:16 PM
  5. Warning: mysql_escape_string()
    By stdio in forum MFHS v1.1
    Replies: 1
    Last Post: 06-19-2006, 05:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts