header-logo
Suggest Exploit
vendor:
nginx
by:
sorbo
7,5
CVSS
HIGH
BROP
119
CWE
Product Name: nginx
Affected Version From: 1.4.0
Affected Version To: 1.4.0
Patch Exists: YES
Related CWE: CVE-2013-2028
CPE: a:nginx:nginx
Metasploit: https://www.rapid7.com/db/vulnerabilities/nginx-cve-2013-2028/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2013-189/https://www.rapid7.com/db/vulnerabilities/suse-cve-2013-2070/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2013-2028/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2013-2070/https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2013-2028/https://www.rapid7.com/db/vulnerabilities/nginx-cve-2013-2070/https://www.rapid7.com/db/vulnerabilities/debian-DSA-2721/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Mac, Windows
2013

nginx <= 1.4.0 exploit for CVE-2013-2028

This is a generic exploit for 64-bit nginx which uses a new attack technique (BROP) that does not rely on a particular target binary. It will work on any distro and even compiled from source installations.

Mitigation:

Upgrade to nginx version 1.4.1 or later.
Source

Exploit-DB raw data:

nginx <= 1.4.0 exploit for CVE-2013-2028
by sorbo
Fri Jul 12 14:52:45 PDT 2013

./brop.rb 127.0.0.1

for remote hosts:
./frag.sh ip
./brop.rb ip

rm state.bin when changing host (or relaunching nginx with canaries)

scan.py will find servers, reading IPs from ips.txt



This is a generic exploit for 64-bit nginx which uses a new attack technique (BROP) that does not rely on a particular target binary.  It will work on any distro and even compiled from source installations.



Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32277.tgz

Navigation

Suggest Exploit

Services By CQR