Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-2028 PoC — F5 Nginx 缓冲区错误漏洞

Source
https://github.com/jptr218/nginxhack
Associated Vulnerability
Title:F5 Nginx 缓冲区错误漏洞 (CVE-2013-2028)
Description:The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
Description
A CVE-2013-2028 implementation
Readme
### This is a tool that uses an exploit called [CVE-2013-2028](https://nvd.nist.gov/vuln/detail/CVE-2013-2028) to excecute a [bind shell](https://medium.com/@Proclus/reverse-bind-shells-for-everyoned-e7507853bf4e#5d64) on the target server that's running Nginx 1.3.9 or 1.4.0.
## It can be downloaded [here](https://github.com/jptr218/nginxhack/raw/main/nginxhack.exe) (you will need to run it from the command line)
### Usage:

### `nginxhack [target] [target port] [target bind port] `
File Snapshot

 [4.0K]  /data/pocs/c242f72a7d3cce5c39ead0d4ff6025b9557e5c3e
├── [104K]  nginxhack.exe
├── [ 488]  README.md
└── [4.0K]  src
    ├── [ 445]  hdr.h
    ├── [2.8K]  main.cpp
    ├── [1.4K]  misc.cpp
    └── [1.2K]  payload.cpp

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →