It's not my mistake | Path traversal via misconfigured NGINX alias




NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
The NGINX alias directive defines a replacement for the specified location.

An NGINX misconfiguration can lead to a path traversal vulnerability. An incorrectly configured alias could allow an attacker to read files stored outside the target folder.

Remediation: Find all NGINX alias directives and make sure that the parent prefixed location ends with a directory separator.
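
The remediation rule above as a small config check. This is an added example, not part of the original page: the sample config, its paths and the function name are constructed for illustration, and the parser only handles flat `location` blocks.

```python
import re

# Constructed sample config (not from the page): "/static" lacks the trailing
# separator, "/media/" is the corrected form, the other two are not prefix matches.
SAMPLE_CONF = """
server {
    location /static {           # prefix does not end with "/"
        alias /var/www/app/static/;
    }
    location /media/ {
        alias /var/www/app/media/;
    }
    location = /robots.txt {
        alias /var/www/app/robots.txt;
    }
    location ~ ^/dl/(.*)$ {
        alias /srv/files/$1;
    }
}
"""

# Innermost location blocks only (no nested braces): a deliberate simplification.
LOCATION_RE = re.compile(r"\blocation\s+(?:(=|~\*?|\^~)\s*)?(\S+)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"^\s*alias\s+([^;]+);", re.M)


def find_risky_aliases(conf):
    """Return (location_prefix, alias_target) for every prefix location that
    uses alias but whose prefix does not end with '/'."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (ignores '#' in quotes)
    findings = []
    for modifier, prefix, body in LOCATION_RE.findall(conf):
        if modifier in ("=", "~", "~*"):
            continue  # exact and regex locations are not prefix matches
        alias = ALIAS_RE.search(body)
        if alias and not prefix.endswith("/"):
            findings.append((prefix, alias.group(1).strip()))
    return findings


if __name__ == "__main__":
    for prefix, target in find_risky_aliases(SAMPLE_CONF):
        print(f"location {prefix} -> alias {target}: add a trailing '/' to the location")
```

Run it against the output of `nginx -T` to cover included files as well as the main config.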

Vulnmachines – Place for Pentesters
Vulnmachines is an online cyber security training platform with a massive number of labs, allowing individuals, students, cyber professionals, companies, universities and all kinds of organizations around the world to enhance their practical skills with real-world enterprise scenarios.

Visit: https://www.vulnmachines.com

The SecOps Group: The SecOps Group was founded by industry veterans. We have over 15 years of experience in providing cyber security consultancy and have worked with some of the largest blue chip companies. Being an independent boutique company, we enable our customers to continuously identify and assess their security postures and provide advice on securing against adversaries.

Our team regularly speaks at international conferences (including Black Hat, Defcon, HITB, and OWASP Appsec). We pride ourselves on hiring the best talent and our passion is to stay up-to-date with the latest in the world of ethical hacking.

For business: https://secops.group/
