In this CIP blog post, we will look at how to search for exposed NGINX configuration files using Criminal IP.
What Are NGINX Configuration Files?
NGINX is a web server that is, alongside Apache, one of the most widely deployed. In particular, traffic-intensive sites such as Netflix and Dropbox, and many other popular websites, run on NGINX. NGINX’s configuration file is where an NGINX server is set up. This means it contains sensitive information about the server, which can be of interest to hackers.
The default name of the NGINX web server’s configuration file is “nginx.conf”, so you can find configuration files on Asset Search by using that default name as the keyword. As shown in the image below, if you search for the keyword “nginx.conf” with the filter “title: index”, you can find nginx.conf files on sites with a directory index (directory listing) vulnerability.
How to Find NGINX Configuration File Management Tools:
Although there are many ways to search for NGINX configuration files, if you search for sites that have ‘Nginx UI’ in their HTML title, you can find NGINX UI pages that manage the various configuration files of NGINX web servers.
The critical part of this example is that the configuration values can be changed and applied from this page. If you click on the sub-menu ‘Main Config’, you can view the configuration file of the NGINX web server (nginx.conf) and change its settings.
As many organizations, including internet service companies, run NGINX servers, they are always a major target for hackers. There are many cases of cyberattacks that were carried out by targeting exposed vulnerabilities.
Therefore, checking that the NGINX web server you manage does not expose any configuration files by mistake is the most basic security measure, and it should be treated as a priority.
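As an added example (not from the original post or from the NGINX project), the following nginx.conf server block shows the two settings that close off the exposure described above: directory listing is kept off so “index of” pages are not generated, and any request for a file ending in .conf is refused outright. The management-console path /ui/ is a hypothetical placeholder for wherever a tool such as Nginx UI is mounted.

```nginx
# Hardened server block (added example; paths and hostnames are assumptions)
server {
    listen 80;
    server_name example.com;          # placeholder hostname
    root /var/www/html;

    # Never generate directory listings: a listing of a directory that
    # holds nginx.conf is exactly what the "title: index" search surfaces.
    autoindex off;

    # Refuse to serve configuration files even if one is copied under the
    # web root by mistake. "return 404" hides the file's existence.
    location ~* \.conf$ {
        return 404;
    }

    # Hypothetical path for a configuration-management UI: restrict it to
    # an internal network and require authentication, or do not expose it.
    location /ui/ {
        allow 10.0.0.0/8;             # assumed internal range
        deny  all;
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;   # assumed credentials file
        proxy_pass http://127.0.0.1:9000/;           # assumed upstream
    }
}
```

After editing, run `nginx -t` to validate the syntax before reloading, and confirm from outside the network that requests for /nginx.conf and for a bare directory path return 404 or 403 rather than content.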
If you want to find out how to search for webservers built using NGINX, check out our article “Search for Applications Exposed to Attack Surface Using Product Filter on Asset Search” which explains how to use the product filter.
Source : Criminal IP (https://www.criminalip.io)