Question only: docker-splitted enviroments attackable? #29
Comments
|
No, splitting nginx and php-fpm in different containers doesn't protect you in any way. It is strange that QSLs are found even though you have updated your servers. I suggest you to double check that. |
i am sorry as i was unclear. i retest the attack by downgrading the docker-images to our previous versions and run them only local.
ok, interessting then, it still hangs there. i guess your exploit would be able to handle that "remote-connection" (to the other container). |
Just a technical question, our servers are updated :)
We use a splitted enviroment where nginx runs in one container, php-fpm in another. I tried to reproduce the issue with your exploit, but it seems to hang at
while the project runs localy (8mins now). As i inspect your docker-file, you seem to have your enviroment combined in the same container. If the split we did protected us from the attack anyway, this would be a nice side-info :)
Also, if this is really the case, it would be may a idea to add it to the requirements?
Thanks for developing this poc!
The text was updated successfully, but these errors were encountered: