Edit Report

Our sensors found this exploit at:

Below is a copy:

# Exploit Title: nginx Arbitrary Code Execution NullByte Injection
# Date: 24/08/2011
# Exploit Author: Neal Poole
# Vendor Homepage:
# Software Link:
# Version: 0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37
# Tested on: Ubuntu Server 10.04.1
# nginx version: 0.6.36
# Advisory:
# Description
In vulnerable versions of nginx, null bytes are allowed in URIs by default (their presence is indicated via a variable named zero_in_uri defined in ngx_http_request.h). Individual modules have the ability to opt-out of handling URIs with null bytes. However, not all of them do; in particular, the FastCGI module does not.
# Proof of Concept:

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.