解决nginx解析漏洞误报高的问题 (#913)

1in9e · web-flow · commit 8090232030b9 · 2020-11-04T17:38:08.000+08:00
* 解决nginx解析漏洞误报高的问题

* 解决nginx解析漏洞误报问题

* 解决nginx解析漏洞误报问题
diff --git a/pocs/phpstudy-nginx-wrong-resolve-2.yml b/pocs/phpstudy-nginx-wrong-resolve-2.yml
@@ -19,7 +19,13 @@ rules:
     follow_redirects: false
     expression: |
       response.status == 200 && response.headers["Server"].contains("nginx")
+
+  - method: GET
+    path: /index.php/.xxx
+    follow_redirects: false
+    expression: |
+      response.status != 200
 detail:
-  author: LoRexxar(https://lorexxar.cn)
+  author: LoRexxar(https://lorexxar.cn),0h1in9e(https://www.ohlinge.cn)
   links:
     - https://www.seebug.org/vuldb/ssvid-98364
diff --git a/pocs/phpstudy-nginx-wrong-resolve.yml b/pocs/phpstudy-nginx-wrong-resolve.yml
@@ -19,7 +19,13 @@ rules:
     follow_redirects: false
     expression: |
       response.status == 200 && response.headers["Server"].contains("nginx")
+
+  - method: GET
+    path: /index.html/.xxx
+    follow_redirects: false
+    expression: |
+      response.status != 200
 detail:
-  author: LoRexxar(https://lorexxar.cn)
+  author: LoRexxar(https://lorexxar.cn),0h1in9e(https://www.ohlinge.cn)
   links:
     - https://www.seebug.org/vuldb/ssvid-98364
