CVE-2017-7529 PoC — F5 Nginx 输入验证错误漏洞

Source

Associated Vulnerability

Description

Added Vulnerability Code in Python for Nginx Vulnerability (CVE-2017-7529)

Readme

# Nginx : Remote-Integer-Overflow-Vulnerability

<img src="1.png" align="center" />
This Repository consists of an older yet existing Nginx vulnerability named "Remote Integer Overflow Vulnerability (CVE-2017-7529)". The Vulnerability is for Older Nginx servers (>>1.13). (Exception is for Nginx 1.12) 

# Set-up :

- Download sys library and requests library.
- It will be better if you have os library too.

## The Vulnerability that can be exploited to includes :-
```
    1) Reading Sensitive Headers during an Intercept of Requests.
   
    2) Revealing Sensitive Informatino containing real IP Addresses.
```

## This Repo Consists of :-
```
    1) vulnchecker.py : The scripts that checks for R.I.V.O Vulnerability in Nginx servers.
   
    2) exploit.py : The script that will exploit sensitive headers where Nginx server v1.1x (except v1.12) is running.
```

## Steps to use :
```
    1) python3 vulnchecker.py --url <http://example.com/>
    2) python3 exploit.py --url <http://example.com/>  
```
### Please do use the second step only when the first one executes, else your time will be wasted. 
#   Keep hacking for good

File Snapshot

 [4.0K]  /data/pocs/15786de0d27147bbce7e1cf31346b9774802d83e
├── [5.9K]  1.png
├── [ 514]  exploit.py
├── [1.1K]  README.md
└── [2.1K]  vulnchecker.py

0 directories, 4 files

Remarks