Welcome! Log In Create A New Profile

Advanced

Content Spoofing vulnerability

Posted by blason 
blason
Content Spoofing vulnerability
August 11, 2017 08:50AM
Hi Guys,

We have multiple webservers behind Nginx Reverse Proxy and at one of the
server we have discovered Content spoofing, the vulnerability is patched on
Apache but also needs to be patchef on Nginx server.

I googled a lot but unable to find a relevant information. Can someone
please suggest the way to mitigate the same on Nginx?

here is the Apache remediation

RewriteEngine on
RewriteCond %{HTTP_HOST} !^abc\.biz
RewriteCond %{HTTP_HOST} !^www\.abc\.biz
RewriteRule ^(.*)$ - [L,R=404]
ErrorDocument 404 "Page Not Found"

RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\
HTTP/
#RewriteRule .* - [F,NS,L]
RewriteRule ^(.*)$ - [L,R=404]
ErrorDocument 404 "Page Not Found"

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276023,276023#msg-276023

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
c0nw0nk
Re: Content Spoofing vulnerability
August 11, 2017 04:20PM
blason Wrote:
-------------------------------------------------------
> Hi Guys,
>
> We have multiple webservers behind Nginx Reverse Proxy and at one of
> the server we have discovered Content spoofing, the vulnerability is
> patched on Apache but also needs to be patchef on Nginx server.
>
> I googled a lot but unable to find a relevant information. Can someone
> please suggest the way to mitigate the same on Nginx?
>
> here is the Apache remediation
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^abc\.biz
> RewriteCond %{HTTP_HOST} !^www\.abc\.biz
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"
>
> RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\
> [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/
> #RewriteRule .* - [F,NS,L]
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"


If your application is vulnerable to those kinds of attacks you should patch
it or get a WAF like Naxsi to prevent them.

https://www.owasp.org/index.php/Content_Spoofing

As the page shows.

<?php
$name = $_REQUEST ['name'];
?>
<html>
<h1>Welcome to the Internet!</h1>
<br>
<body>
Hello, <?php echo $name; ?>!
<p>We are so glad you are here!</p>
</body>
</html>

The page functionality can be tested by making the following GET request to
the page:

http://127.0.0.1/vulnerable.php?name=test-exploit-phishing-scam-etc

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276023,276029#msg-276029

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login