Lucene search
K

Nginx 0.6.36 Path Traversal

🗓️ 28 May 2010 00:00:00Reported by cp77fk4rType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 484 Views

nginx 0.6.36 Path Traversal vulnerabilit

Code
`  
  
# Exploit Title: nginx [engine x] http server <= 0.6.36 Path Draversal  
# Date: 20/05/10  
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com | www.DigitalWhisper.co.il  
<http://www.DigitalWhisper.co.il>  
# Software Link: http://nginx.org/  
# Version: <= 0.6.36  
# Tested on: Win32  
#  
##[Path Traversal:]  
A Path Traversal attack aims to access files and directories that are stored  
outside the web root folder. By browsing the application, the attacker looks  
for absolute links to files stored on the web server. By manipulating  
variables that reference files with “dot-dot-slash (../)” sequences and its  
variations, it may be possible to access arbitrary files and directories  
stored on file system, including application source code, configuration and  
critical system files, limited by system operational access control. The  
attacker uses “../” sequences to move up to root directory, thus permitting  
navigation through the file system. (OWASP)  
#  
http://localhost/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem.ini  
#  
#  
[e0f]  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 May 2010 00:00Current
7.4High risk
Vulners AI Score7.4
484