nginx rewrite trick

1. ##
2. # From the computer overground, comes a dumb parlor trick that can
3. # be leveraged to social engineer people who trust the file extensions
4. # of remote servers.
5. #
6. # Live demo: https://s.arciszewski.me/rewritepoc/test.txt
7. ##
8. Add this to the nginx config for any virtual host:
9.   rewrite ^/rewritepoc/(.*)/?$ /pocrw.php?file=$1;
10.  
11. Or if you use Apache, this should do the trick:
12.   RewriteRule ^\/rewritepoc\/(.*)\/?$ /pocrw.php?file=$1 [L]
13.  
14. Then save the following as pocrw.php
15. <?
16. header("Content-Type: text/html;charset=UTF-8");
17. ?>
18. <!DOCTYPE html>
19. <html>
20.   <head>
21.     <title>PoC</title>
22. <script type="application/javascript">
23.   alert("You are now breathing manually.\nYou accessed: /rewritepoc/<?=htmlspecialchars($_GET['file'], ENT_QUOTES | ENT_HTML5, 'UTF-8'); ?>");
24.   window.location="https://torproject.org";
25. </script>
26.   </head>
27.   <body>
28.     <h2>LOL MALWARE</h2>
29.   </body>
30. </html>
31.  
32. ##
33. # Then you go in IRC:
34. #
35. # noob> Hey, can someone help me debug my code?
36. # snob> go away
37. # elite> now snob, be polite to the noob
38. # snob> fine
39. # snob->noob: send me the source?
40. # noob->snob: http://innocuo.us/sourcecode/authorize_net.txt
41. # noob->snob: I keep getting a weird error
42. # *snob has disconnected for reason: rm -rf /
43. #
44. # Mitigations:
45. # 1. Don't carelessly click shit
46. # 2. NoScript, keep your shit up to date, pray nobody has 0day for your browser
47. ##