module

Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow

Disclosed	Created
May 7, 2013	May 30, 2018

Disclosed

May 7, 2013

Created

May 30, 2018

Description

This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx.
The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by
supplying an overly long hex value as chunked block size. This value is later used
when determining the number of bytes to read into a stack buffer, thus the overflow
becomes possible.

Authors

Greg MacManus
hal
saelo

Platform

Unix

Architectures

cmd

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/linux/http/nginx_chunked_size
    msf exploit(nginx_chunked_size) > show targets
        ...targets...
    msf exploit(nginx_chunked_size) > set TARGET < target-id >
    msf exploit(nginx_chunked_size) > show options
        ...show and set options...
    msf exploit(nginx_chunked_size) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report