AllAboutBugBounty/Technologies/Nginx.md

# Nginx Common Bugs
## Introduction
What would you do if you came across a website that uses Nginx?
## How to Detect
Usually the HTTP response contains a header like `Server: nginx`.
1. Find the related CVE by checking the nginx version
   * How to find the nginx version

     Check the response header or the 404 page; sometimes the version is printed there. If you find an outdated nginx version, look up its CVEs at [CVE Details](https://www.cvedetails.com/vulnerability-list/vendor_id-315/product_id-101578/F5-Nginx.html).
2. Directory traversal
```
https://example.com/folder1../folder1/folder2/static/main.css
https://example.com/folder1../%s/folder2/static/main.css
https://example.com/folder1/folder2../folder2/static/main.css
https://example.com/folder1/folder2../%s/static/main.css
https://example.com/folder1/folder2/static../static/main.css
https://example.com/folder1/folder2/static../%s/main.css
```
3. Nginx status page
```
https://example.com/nginx_status
```
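
The traversal URLs in item 2 match the pattern that succeeds when a prefix `location` has no trailing slash but its `alias` target ends in one. As an added example (not part of the original page), here is a small audit of your own nginx configuration for that mismatch; the sample configuration, paths and function name are constructed for illustration, and the regex parsing assumes no nested blocks or `include` files.

```python
import re

# Constructed sample configuration for the audit (not from the original page).
SAMPLE_CONF = """
server {
    location /folder1 {
        alias /var/www/folder1/;   # prefix without '/', alias with '/': flagged
    }
    location /static/ {
        alias /var/www/static/;    # both end in '/': fine
    }
    location ^~ /img {
        alias /srv/img/;           # ^~ is still a prefix match: flagged
    }
    location ~ ^/dl/(.*)$ {
        alias /srv/dl/$1;          # regex location: not covered by this check
    }
    location /docs {
        root /var/www;             # root appends the full URI: fine
    }
}
"""

# Simplification: matches only location blocks that contain no nested braces.
LOCATION_RE = re.compile(
    r"location\s+(?:(?P<mod>=|~\*?|\^~)\s+)?(?P<path>\S+)\s*\{(?P<body>[^{}]*)\}"
)
ALIAS_RE = re.compile(r"^\s*alias\s+(?P<target>[^;\s]+)\s*;", re.MULTILINE)

def find_alias_traversal(conf):
    """Return (location, alias, suggested_location) for each risky prefix location."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching
    findings = []
    for loc in LOCATION_RE.finditer(conf):
        if loc.group("mod") in ("=", "~", "~*"):
            continue  # exact and regex locations are not prefix matches
        alias = ALIAS_RE.search(loc.group("body"))
        if alias is None:
            continue
        path, target = loc.group("path"), alias.group("target")
        if not path.endswith("/") and target.endswith("/"):
            findings.append((path, target, path + "/"))
    return findings

if __name__ == "__main__":
    for path, target, fixed in find_alias_traversal(SAMPLE_CONF):
        print(f"location {path} -> alias {target}: use 'location {fixed}'")
```

Ending the `location` prefix with `/` so it matches the `alias` target removes the mismatch that the `folder1../` requests rely on.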