CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.9%
nginx <= 1.4.0 exploit for CVE-2013-2028
by sorbo
Fri Jul 12 14:52:45 PDT 2013
./brop.rb 127.0.0.1
for remote hosts:
./frag.sh ip
./brop.rb ip
rm state.bin when changing host (or relaunching nginx with canaries)
scan.py will find servers, reading IPs from ips.txt
This is a generic exploit for 64-bit nginx which uses a new attack technique (BROP) that does not rely on a particular target binary. It will work on any distro and even compiled from source installations.
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32277.tgz