CVE-2019-20372 PoC — F5 Nginx 环境问题漏洞

Source

https://github.com/0xleft/CVE-2019-20372

Associated Vulnerability

Title:F5 Nginx 环境问题漏洞 (CVE-2019-20372)
Description:F5 Nginx是美国F5公司的一款轻量级Web服务器/反向代理服务器及电子邮件（IMAP/POP3）代理服务器，在BSD-like协议下发行。 F5 Nginx 1.17.7之前版本存在环境问题漏洞，该漏洞源于允许 HTTP 请求走私。

Description

nginx http request smugling error_page directive

Readme

# CVE-2019-20372
 
This repository is for educational purposes only.

# /server

vulnerable server run `./server.sh`

# /exploit.py

exploit script run `python3 exploit.py`


# importante!
https://blkcipher.pl/assets/pdfs/2019-12-10-error_page_request_smuggling.pdf

https://github.com/vuongnv3389-sec/CVE-2019-20372

why this repo?

because burp doesnt catch the second response and vuongnv3389-sec's repo didnt work for me :(

File Snapshot


 [4.0K]  /data/pocs/a62e238da817a58d61b22455fb939e1869603c83
├── [ 524]  exploit.py
├── [ 427]  README.md
├── [4.0K]  server
│   ├── [  69]  Dockerfile
│   └── [ 392]  nginx.conf
└── [  82]  server.sh

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!