GhostSecCanada

Russian Gov Hacks Working

Nov 4th, 2020
  1. 95.173.128.111
  2.  
  3. nginx/1.4.7
  4.  
  5. Exploits Working
  6.  
  7. njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
  8.  
  9. nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
  10.  
  11. The vulnerability allows a remote attacker to gain access to potentially sensitive information.
  12.  
  13. The vulnerability exists due to a boundary condition when processing rewrite rules with a '\0' character in ngx_http_core_module.c. An attacker with the ability to influence a rewrite rule can view memory contents via the Location HTTP header.
  14.  
  15. Successful exploitation of the vulnerability requires that an attacker can influence the rewrite engine, as demonstrated with an OpenResty issue.
  16.  
  17. crimea.gov.ru  
  18. www.crimea.gov.ru  
  19. #EyePhuckBitches
  20. #GhostSec
  21.  
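For administrators auditing their own servers against the ngx_http_mp4_module conditions quoted above, the following added example (not part of the original paste) checks `nginx -V` output and configuration text for the version, the `--with-http_mp4_module` build flag and an active `mp4;` directive. The sample inputs are constructed, the function names are hypothetical, and it assumes any version below 1.14.1 counts as "before" per the paste's wording; whether a crafted file can actually reach the module is not checked.

```python
import re

# Fixed releases as stated in the text above: 1.14.1 and 1.15.6.
FIXED_STABLE, FIXED_MAINLINE = (1, 14, 1), (1, 15, 6)

# Constructed sample inputs, not taken from any real host.
SAMPLE_NGINX_V = """nginx version: nginx/1.14.0
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_mp4_module
"""
SAMPLE_CONF = """location /video/ {
    # mp4;  (commented out, must not count)
    mp4;
    mp4_buffer_size 1m;
}
"""

def parse_nginx_v(output):
    """Return (version tuple, module built?) from `nginx -V` output (sent to stderr)."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no nginx version line found")
    version = tuple(int(x) for x in m.groups())
    args = re.search(r"^configure arguments:(.*)$", output, re.M)
    built = bool(args and "--with-http_mp4_module" in args.group(1).split())
    return version, built

def version_in_range(version):
    """True if the version predates the fixed release on its branch."""
    if version[:2] == (1, 15):
        return version < FIXED_MAINLINE
    return version < FIXED_STABLE

def mp4_directive_used(config_text):
    """True if an active `mp4;` directive is present (comments ignored)."""
    for line in config_text.splitlines():
        active = line.split("#", 1)[0]
        if re.search(r"(^|[\s{;])mp4\s*;", active):
            return True
    return False

def assess(nginx_v_output, config_text):
    """Version, build flag and directive must all hold for the host to be exposed."""
    version, built = parse_nginx_v(nginx_v_output)
    checks = {"in_range": version_in_range(version), "module_built": built,
              "directive_used": mp4_directive_used(config_text)}
    return {"version": version, **checks, "exposed": all(checks.values())}

if __name__ == "__main__":
    print(assess(SAMPLE_NGINX_V, SAMPLE_CONF))
```

A host that reports `exposed` should be upgraded to a fixed release or have the `mp4` directive removed.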