CVE-2013-2028 PoC — F5 Nginx 缓冲区错误漏洞

Source

Associated Vulnerability

Title:F5 Nginx 缓冲区错误漏洞 (CVE-2013-2028)
Description:F5 Nginx是美国F5公司的一款轻量级Web服务器/反向代理服务器及电子邮件（IMAP/POP3）代理服务器，在BSD-like协议下发行。 F5 Nginx 1.3.9版本至1.4.0版本存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务或执行任意代码。

Description

A CVE-2013-2028 implementation

Readme

### This is a tool that uses an exploit called [CVE-2013-2028](https://nvd.nist.gov/vuln/detail/CVE-2013-2028) to excecute a [bind shell](https://medium.com/@Proclus/reverse-bind-shells-for-everyoned-e7507853bf4e#5d64) on the target server that's running Nginx 1.3.9 or 1.4.0.
## It can be downloaded [here](https://github.com/jptr218/nginxhack/raw/main/nginxhack.exe) (you will need to run it from the command line)
### Usage:

### `nginxhack [target] [target port] [target bind port] `

File Snapshot


 [4.0K]  /data/pocs/c242f72a7d3cce5c39ead0d4ff6025b9557e5c3e
├── [104K]  nginxhack.exe
├── [ 488]  README.md
└── [4.0K]  src
    ├── [ 445]  hdr.h
    ├── [2.8K]  main.cpp
    ├── [1.4K]  misc.cpp
    └── [1.2K]  payload.cpp

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!