
Path traversal vulnerability in NGINX + PHP-FPM

Posted: Thu Jul 17, 2025 9:33 am
by Ominae
Hello, good morning.
Could someone please guide me with this problem?

There is a vulnerability in my NGINX installation with PHP-FPM where an attacker uploads a PHP file and can see all the folders and files of the other users in /home, and even goes up to the root to see the files and folders of the server.

I have searched for information and this is the closest thing to how I am being attacked: https://portswigger.net/web-security/fi ... -traversal

Everything points to one of the server's sites, made in WordPress, having a bug that allows them to upload this PHP shell developed by NineSec Team Shell, and with it they manage to see all the user's folders. This would not matter much to me if they could only delete that user's data; my big problem is that the NGINX+PHP-FPM bug allows them to see all the users under /home and get to the root. In this link I share the PHP with you so you can see the power it has: https://gofile.io/d/Jg7qJS

I did a test with a temporary installation of Apache+NGINX+PHP-FPM, and there the attacking PHP file stays trapped in the user's folder and does not display anything more.

I've been looking for information on this vulnerability and everyone mentions checking or fixing the “location” blocks of NGINX, but I don't know how to configure that in the Wordpress2_rewrite template so that the attacker stays trapped in the user's folder and cannot keep looking at the whole server.

https://www.acunetix.com/vulnerabilitie ... inx-alias/
https://joshua.hu/proxy-pass-nginx-deco ... -dangerous
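As an added example (not part of the original post, and not the control panel's Wordpress2_rewrite template), here is a minimal nginx server block for one site that shows the alias misconfiguration described on the linked Acunetix page next to its fix, refuses to execute PHP dropped into the WordPress uploads directory, and hands PHP only to a per-site PHP-FPM socket. The site name, paths and socket name are assumptions chosen for illustration.

```nginx
# Hypothetical file: /etc/nginx/sites-available/site1 (example, not the page's config)
server {
    listen 80;
    server_name site1.example;
    root /home/site1/www;            # document root for this one site only
    index index.php;

    # WEAK (kept commented out): location has no trailing slash but the alias
    # does. nginx appends whatever follows "/static" to the alias target, so a
    # request for /static../wp-config.php is served from
    # /home/site1/www/static/../wp-config.php, i.e. one directory up.
    # location /static {
    #     alias /home/site1/www/static/;
    # }

    # FIXED: location and alias both end in "/". A request for /static../x no
    # longer matches this prefix and falls through to the normal root lookup.
    location /static/ {
        alias /home/site1/www/static/;
    }

    # Never execute PHP that lives in the WordPress upload directory, which is
    # where an upload bug usually lands a shell. Listed before the generic PHP
    # handler because nginx uses the first matching regex location.
    location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Only PHP files that really exist under this site's root reach PHP-FPM
    # (try_files =404 stops the PATH_INFO trick where /image.jpg/x.php is run
    # as PHP), and they go to a socket owned by a pool that runs as site1.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/site1.sock;   # per-site pool, see note below
    }
}
```

The nginx side only limits what nginx itself will serve. A PHP shell that has already been executed reads the filesystem with the privileges of the PHP-FPM process, so the per-site socket above must belong to a pool that runs as that site's Unix user rather than a shared www-data: in the pool file (for example `/etc/php/<version>/fpm/pool.d/site1.conf`, an assumed path) set `user = site1`, `group = site1`, `listen = /run/php/site1.sock`, `listen.owner = www-data`, `listen.group = www-data` and `listen.mode = 0660`, and add `php_admin_value[open_basedir] = /home/site1/www:/tmp` or `chroot = /home/site1` as defence in depth. Combine that with home directories that other users cannot enter (`chmod 750 /home/*`, with the nginx worker added to each site's group so it can still serve static files); without that permission boundary, a shell running as a shared user will list every home directory no matter how the location blocks are written.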