Nginx 1.1.17 – URI Processing SecURIty Bypass

Exploit Database
67 阅读

作者： Ivan Fratric

日期： 2013-11-19
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/38846/

source: https://www.securityfocus.com/bid/63814/info

nginx is prone to a remote security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

nginx 0.8.41 through 1.5.6 are vulnerable. 

The following example data is available:

/file \0.php

last Exploits
Nginx 1.1.17 – URI Processing SecURIty Bypass的更多信息

Adobe Coldfusion 11.0.03.292866 – BlazeDS Java Object Deserialization Remote Code Execution：
IpTools 0.1.4 – Tiny TCP/IP servers Directory Traversal：
Citrix Provisioning Services 5.6 SP1 – Streamprocess Opcode 0x40020000 Buffer Overflow (Metasploit)：
HP OpenView Network Node Manager (OV NNM) – ‘getnnmdata.exe ICount’ CGI Buffer Overflow (Metasploit)：
WordPress Plugin PHPMailer 4.6 – Host Header Command Injection (Metasploit)：
TCPDF 4.5.036/4.9.5 – ‘params’ Attribute Remote Code Execution：
Yokogawa CS3000 – ‘BKFSim_vhfd.exe’ Remote Buffer Overflow (Metasploit)：
Varnish 2.0.6 – ‘Terminal Escape Sequence in Logs’ Command Injection：