Nginx 1.4.0 (64-bit) - Remote Exploit for Linux (Generic)

ID: 53819
Download vulnerable application: None
nginx <= 1.4.0 exploit for CVE-2013-2028
by sorbo
Fri Jul 12 14:52:45 PDT 2013


for remote hosts:
./ ip
./brop.rb ip

rm state.bin when changing host (or relaunching nginx with canaries) will find servers, reading IPs from ips.txt

This is a generic exploit for 64-bit nginx which uses a new attack technique (BROP) that does not rely on a particular target binary.  It will work on any distro and even compiled from source installations.

Exploit-DB mirror:
1-4-2 (www02)