Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-20372 PoC — F5 Nginx 环境问题漏洞

Source
https://github.com/0xleft/CVE-2019-20372
Associated Vulnerability
Title:F5 Nginx 环境问题漏洞 (CVE-2019-20372)
Description:NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Description
nginx http request smugling error_page directive
Readme
# CVE-2019-20372
 
This repository is for educational purposes only.

# /server

vulnerable server run `./server.sh`

# /exploit.py

exploit script run `python3 exploit.py`


# importante!
https://blkcipher.pl/assets/pdfs/2019-12-10-error_page_request_smuggling.pdf

https://github.com/vuongnv3389-sec/CVE-2019-20372

why this repo?

because burp doesnt catch the second response and vuongnv3389-sec's repo didnt work for me :(
File Snapshot

 [4.0K]  /data/pocs/a62e238da817a58d61b22455fb939e1869603c83
├── [ 524]  exploit.py
├── [ 427]  README.md
├── [4.0K]  server
│   ├── [  69]  Dockerfile
│   └── [ 392]  nginx.conf
└── [  82]  server.sh

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →