Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2013-2028

Description

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

POC

Reference

- http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html

- https://github.com/rapid7/metasploit-framework/pull/1834

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/ELHADANITAHA/OWASP-JSP-TP

- https://github.com/Hassan-cyberop/VULN-ASSESSMENT

- https://github.com/JERRY123S/all-poc

- https://github.com/JosephJMRG/apache-docker-project

- https://github.com/Maissacrement/cyber_sec_master_spv

- https://github.com/Rosayxy/cybersecurity-course-labs

- https://github.com/Sunqiz/CVE-2013-2028-reproduction

- https://github.com/alexgeunholee/zeus-software-security

- https://github.com/anquanscan/sec-tools

- https://github.com/camel-clarkson/non-controlflow-hijacking-datasets

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/danghvu/nginx-1.4.0

- https://github.com/dyjakan/exploit-development-case-studies

- https://github.com/hktalent/TOP

- https://github.com/jbmihoub/all-poc

- https://github.com/jptr218/nginxhack

- https://github.com/kitctf/nginxpwn

- https://github.com/kmukoo101/CVEye

- https://github.com/m4drat/CVE-2013-2028-Exploit

- https://github.com/mambroziak/docker-cve-2013-2028

- https://github.com/mertsarica/hack4career

- https://github.com/mudongliang/LinuxFlaw

- https://github.com/n0-traces/cve_monitor

- https://github.com/oneoy/cve-

- https://github.com/q40603/Continuous-Invivo-Fuzz

- https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/xiw1ll/CVE-2013-2028_Checker