websecurity@lists.webappsec.org

The Web Security Mailing List

Attack via space in filename on nginx

MustLive
Fri, Nov 29, 2013 9:50 PM

Hello participants of Mailing List.

Last week I wrote a new article. And I'll tell you briefly about conducting
a Code Execution attack on the nginx web server. This topic should be
interesting for you (especially for those who haven't read it before).

Earlier I wrote about three bypass methods of code execution via uploaders.
I wrote about them in different advisories and in my 2011 article Attack via
double extensions in Apache (http://websecurity.com.ua/5600/). In that article
I described two methods of attack on IIS (briefly, with links to the
advisories where these attacks were introduced) and described in detail a
method of attack on Apache using double extensions. And now I'll
describe a fourth method of attack, which works on nginx.

Attack via space in filename on nginx
http://websecurity.com.ua/6887/

Recently a vulnerability in nginx (CVE-2013-4547) was disclosed, which is
fixed in versions nginx 1.4.4 and 1.5.7. Vulnerable are versions nginx
0.8.41 - 1.5.6.

Code Execution attack on nginx:

  1. Upload a file with a space at the end, "file ", via an uploader. E.g.
    a php-script.

  2. Make a request to this file at the web site in this way:
    "http://site/file \0.php". It will lead to execution of the php-script.

The attack will work only with special settings of the web server (described
in the article). But it's still an interesting attack vector.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
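
Added example, not part of MustLive's post or article: a defender-side check built from the figures in the message above. It tests an nginx version string against the stated affected range (0.8.41 - 1.5.6, fixed in 1.4.4 and 1.5.7), rejects upload names with a trailing space, and flags access-log requests whose target contains an unencoded space. The function names, the sample log lines and the assumed log escaping are constructed for illustration.

```python
import re

# Version bounds exactly as stated in the post above.
FIRST_VULN = (0, 8, 41)
FIXED_STABLE = (1, 4, 4)    # fix released on the 1.4.x branch
FIXED_MAINLINE = (1, 5, 7)  # fix released on the 1.5.x branch

def parse_version(banner):
    """Extract (major, minor, patch) from 'nginx/1.4.3' or '1.4.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version in {banner!r}")
    return tuple(int(x) for x in m.groups())

def in_affected_range(banner):
    """True if the version falls in the range the post lists as vulnerable."""
    v = parse_version(banner)
    if v < FIRST_VULN or v >= FIXED_MAINLINE:
        return False
    # 1.4.4 and later 1.4.x sort below 1.5.6 but already carry the fix.
    return not (v[:2] == (1, 4) and v >= FIXED_STABLE)

def safe_upload_name(name):
    """Uploader-side check: refuse names with edge whitespace or control bytes."""
    return bool(name) and name == name.strip() and not re.search(r"[\x00-\x1f\x7f]", name)

# Request target containing an unencoded space. Assumption: nginx's default
# log escaping, which writes a NUL byte in $request as the text \x00.
RAW_SPACE = re.compile(r'"[A-Z]+ (\S* [^"]*?) HTTP/\d\.\d"')

def suspicious_requests(lines):
    """Return the request targets that contain a raw space."""
    return [m.group(1) for m in map(RAW_SPACE.search, lines) if m]

# Constructed sample log lines (combined format), not taken from the post.
SAMPLE_LOG = [
    r'203.0.113.5 - - [29/Nov/2013:21:50:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    r'203.0.113.5 - - [29/Nov/2013:21:50:02 +0000] "GET /file \x00.php HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for b in ("nginx/1.4.3", "nginx/1.4.4", "nginx/1.5.6", "nginx/1.5.7"):
        print(b, "in affected range" if in_affected_range(b) else "not in affected range")
    print(suspicious_requests(SAMPLE_LOG))
```

A version inside the range is not proof of exposure, since the message says the attack depends on special server settings described in the article.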
