Y
Hacker News
new
|
ask
|
show
|
jobs
by
discordianfish
3391 days ago
This is a very interesting attack vector. There are many situations where less privileged users can inject stuff into an nginx config.
1 comments
TarqDirtyToMe
3391 days ago
I'd be interested to see if any web-based control panels are vulnerable in a similar way. All of the client_*_temp_path directives are valid in http,server, and location contexts so you have a lot of flexibility there.
link