Nginx (engine x) is a high-performance HTTP and reverse proxy server, as well as an IMAP/POP3/SMTP server. Nginx is often deployed as a reverse proxy: dynamic requests are passed to a backend port with proxy_pass, while static files are served by Nginx itself.
If the static files are stored in the /home/ directory and that directory is exposed under the name files in the URL, you need an alias directive that maps the location /files to the directory /home/.
With this configuration, a request for http://example.com/files/readme.txt returns the /home/readme.txt file.
Notice, however, that the location /files in the URL has no trailing /, while the /home/ path set by alias does. That mismatched / lets a request travel from the /home/ directory up to its parent directory.
The result is an arbitrary file download vulnerability.
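Added example (not part of the original article): a small Python check that flags the slash mismatch described above in a constructed sample config, and shows that declaring the location as /files/ removes it. The function names, the sample config and its /static/ location are assumptions made for illustration; map_alias is a simplified model of how alias replaces the matched location prefix.

```python
import posixpath
import re

# Constructed sample config: the first location mirrors the layout described
# above, the second is a correct pairing with matching trailing slashes.
SAMPLE_CONF = """
server {
    location /files {
        alias /home/;
    }
    location /static/ {
        alias /srv/static/;
    }
}
"""

# Simplified parsing: prefix locations only (optional "^~" modifier), no nested
# blocks. Regex ("~") and exact-match ("=") locations are skipped.
LOCATION_RE = re.compile(r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"\balias\s+([^;\s]+)\s*;")


def find_alias_slash_mismatch(conf_text):
    """Return (location, alias) pairs where alias ends in '/' but location does not."""
    findings = []
    for loc, body in LOCATION_RE.findall(conf_text):
        m = ALIAS_RE.search(body)
        if m and m.group(1).endswith("/") and not loc.endswith("/"):
            findings.append((loc, m.group(1)))
    return findings


def map_alias(location, alias, uri):
    """Model of alias: the matched location prefix is replaced by the alias string."""
    if not uri.startswith(location):
        return None  # this location does not handle the request
    # normpath stands in for the filesystem collapsing a doubled '/'
    return posixpath.normpath(alias + uri[len(location):])


if __name__ == "__main__":
    for loc, alias in find_alias_slash_mismatch(SAMPLE_CONF):
        print(f"location {loc} with alias {alias}: add a trailing / to the location")
    # The prefix match is not tied to a path-segment boundary:
    print(map_alias("/files", "/home/", "/filesystem.txt"))   # /home/ystem.txt
    print(map_alias("/files/", "/home/", "/filesystem.txt"))  # None
```

Declaring the location as /files/ with alias /home/ keeps the match anchored at the directory boundary, so only URIs under /files/ are mapped into /home/.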