Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-7529 PoC — F5 Nginx 输入验证错误漏洞

Source
https://github.com/MaxSecurity/CVE-2017-7529-POC
Associated Vulnerability
Title:F5 Nginx 输入验证错误漏洞 (CVE-2017-7529)
Description:Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Readme
# CVE-2017-7529-POC
漏洞影响
该漏洞影响所有 0.5.6 - 1.13.2版本内默认配置模块的Nginx只需要开启缓存攻击者即可发送恶意请求进行远程攻击造成信息泄露。当Nginx服务器使用代理缓存的情况下攻击者通过利用该漏洞可以拿到服务器的后端真实IP或其他敏感信息。
通过我们的分析判定该漏洞利用难度低可以归属于low-hanging-fruit的漏洞在真实网络攻击中也有一定利用价值。

影响版本
Nginx version 0.5.6 - 1.13.2

修复版本
Nginx version 1.13.3, 1.12.1
File Snapshot

 [4.0K]  /data/pocs/ffd48d7ab1d83692a2b7c53298d25a4beabb29ad
├── [3.8K]  CVE-2017-7529-POC.py
└── [ 567]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →