exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed


Nginx Root Privilege Escalation
Posted Nov 16, 2016
Authored by Dawid Golunski

Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system. This is fixed in 1.6.2-5+deb8u3 package on Debian and 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS. UPDATE 2017/01/13 - nginx packages below version 1.10.2-r3 on Gentoo are also affected.

tags | exploit, web, local, root
systems | linux, debian, ubuntu
advisories | CVE-2016-1247
SHA-256 | 572946533a64d6b9af6ce4ce53d1c39bc1cc476f9cdbd639425b4aed7713bcef

Related Files

Nginx 1.25.5 Host Header Validation
Posted Apr 24, 2024
Authored by dhteam

Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.

tags | exploit
SHA-256 | 827499ce948db348650ea46da73de3be64bef78d4325b8fb47b1f8a618d514f3
Nginx 1.20.0 Denial Of Service
Posted Jul 11, 2022
Authored by Mohammed Alshehri

Nginx version 1.20.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2021-23017
SHA-256 | d5e69479a9c5a46d1cf68eb6f70e5c392f4e2292c4ebd20a8e40b7422c4f6f23
Debian Security Advisory 4762-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4762-1 - It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default.

tags | advisory, web
systems | linux, debian
advisories | CVE-2020-24660
SHA-256 | 1936fc20f1fce8c046e9a32b0cf72f8389efc42588b36d32567422da6ead95de
Debian Security Advisory 3701-1
Posted Oct 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3701-1 - Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability (www-data to root) due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation.

tags | advisory, web, local, root
systems | linux, debian
advisories | CVE-2016-1247
SHA-256 | 45ba3a4a7a68c140419a5e245940ef54a4d56ffe54aff33299bf6d93353b5f49
Night Lion Security PHP Stress
Posted May 6, 2014
Authored by Vinny Troia | Site nightlionsecurity.com

Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.

tags | exploit, tool, web, denial of service, cgi, php, proof of concept
systems | linux
SHA-256 | 66e4705c388028be2e16a9b4d12a2811c4c3a961557abb18afaabbf367a8d1ad
nginx 1.4.0 64-bit Linux Remote Code Execution
Posted Mar 18, 2014
Authored by Sorbo

nginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).

tags | exploit, remote, code execution
systems | linux
advisories | CVE-2013-2028
SHA-256 | 8352b0f536d1d2db731dbea6ffe0990452b85c17e1de3830432937e8c4173ec3
Nginx 1.3.9 / 1.4.0 Exploit Documentation
Posted Jul 23, 2013
Authored by Kingcope

This whitepaper document how the brute forcing exploit works for a buffer overflow vulnerability in nginx versions 1.3.9 and 1.4.0 on x86.

tags | paper, overflow, x86
advisories | CVE-2013-2028
SHA-256 | 83e7a76cda024bdc1720e8569cb20218c76aa3c5b8a8f5ddfad4818e03f8afe9
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
Posted May 23, 2013
Authored by Greg MacManus, hal, saelo | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible.

tags | exploit, overflow
advisories | CVE-2013-2028, OSVDB-93037
SHA-256 | 5caa8725f0b0e52002e2804749d851584f474a1d0b411c2a827865afd2da031c
Nginx 1.3.9 / 1.4.0 Denial Of Service
Posted May 17, 2013
Authored by Mert SARICA | Site mertsarica.com

Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability.

tags | exploit, denial of service, python
advisories | CVE-2013-2028
SHA-256 | 545ee012c3d75d1d38d47e527a614966ce9593fd109eb03f37bdf8105f5b48b0
Nginx 1.3.9 / 1.4.0 Stack Buffer Overflow
Posted May 8, 2013
Authored by Greg MacManus, Maxim Dounin | Site nginx.org

Nginx versions 1.3.9 through 1.4.0 suffer from a stack-based buffer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2013-2028
SHA-256 | 7bc6c11ece1fcb0d26e264613945a82fd3064bb3d2a74e91677e963e3b0ad5b3
nginx 0.6.x Code Execution
Posted Apr 19, 2013
Authored by Neal Poole

nginx version 0.6.x suffers from an arbitrary code execution vulnerability due to a nullbyte injection issue.

tags | exploit, arbitrary, code execution
SHA-256 | 80b271bc4dd413adecf25945a99a831e3725d128f9974c5542da05bc9ff3daf3
nginx 1.0.13 Information Leak
Posted Mar 15, 2012
Site nginx.org

nginx versions prior to 1.0.14 stable and 1.1.7 development suffer from an information leak vulnerability when receiving a malformed HTTP response.

tags | advisory, web
SHA-256 | 4a5c29ad6c7a3904436207e603d5eb2996ff11a7f07c3753916e4e8fb92b76bd
Nginx 0.7.65 Shell Upload
Posted Jul 31, 2011
Authored by Sysmox

Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.

tags | exploit, shell
SHA-256 | 80551d22725746b690efed90e1d3702a31f4692d83292d2ce060118f47299c32
Nginx Heap Corruption
Posted Aug 30, 2010
Authored by aaron conole

Nginx version 0.6.38 heap corruption exploit.

tags | exploit
SHA-256 | f0e708878e2c5a4352a3ea3e827b14424c654e6bad3d69ea431626585786de0b
Nginx 0.8.35 Source Code Disclosure
Posted May 30, 2010
Authored by Pouya Daneshmand

Nginx version 0.8.35 suffers from a source code disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 8dca4d5306ce6d058ef43259af7bf95a987b30ca83476d447aafdaa50c0608b7
Nginx 0.6.36 Path Traversal
Posted May 28, 2010
Authored by cp77fk4r

Nginx web server versions 0.6.36 and below suffers from a path traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | c8c2faee0dfc75f1004b96cc34f362329297ccf297f8d880789ce34e25330c4c
nginx NULL Pointer Dereference
Posted Oct 23, 2009
Authored by zeus penguin

nginx versions 0.7.0 through 0.7.61, 0.6.0 through 0.6.38, 0.5.0 through 0.5.37, and 0.4.0 through 0.4.14 suffer from a remote null pointer dereferencing vulnerability. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
SHA-256 | 23e0b19545c8a86cffa3f0faeb5311be3b43dc3c60a2228899c989f955e3ede4
nginx 0.7.61 Directory Traversal
Posted Sep 24, 2009
Authored by Kingcope

nginx version 0.7.61 suffers from a WebDAV copy/move method directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 7b4a38163573c74eaf582034e58861d28cafc0a15ba48b2128977ec6ff7ac759
nginx Cache Poisoning
Posted Sep 18, 2009
Authored by Matthew Dempsky

nginx suffers from an internal DNS cache poisoning vulnerability when configured as a forward proxy.

tags | advisory
SHA-256 | 4cfae3eff99753608f50e8287f21330f597d59e6bd520cb36cb9a99a65f4a931
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By