Hello,
We detected an XSS vulnerability when we use 301 or 302 redirections.
How to reproduce?
curl -I -k "http://example.com/test'""'>>" > ayman.html
open ayman.html and you will get the popup!
I tried the below redirections and it's valid in all cases:
- return 301 https://www.exampl.com$req
fer 20M;
image_filter_interlace on;
}
If I disable the cache it's working perfectly!
Do you recommend to change anything in the config? What could be the issue?
Thanks.
Ayman
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,2801
Hi,
I have upgraded the GD library on the server recompiling nginx again and all
is good now.
Thanks a lot.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,280115,280507#msg-280507
Hello,
I just installed image filter module for resizing images.
It worked as expected but we faced an issue that this module doesn't respect
EXIF, so some images are being rotated to the original state and then nginx
resizes them.
Any idea how to fix this?
Thanks
Ayman