Nginx Exploit – CVE 2016-1247

Nginx Exploit – CVE 2016-1247

[vc_row type=”in_container” full_screen_row_position=”middle” scene_position=”center” text_color=”dark” text_align=”left” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”2/3″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid”]

I started to write about Nginx and today I want to show you an interesting video about how to exploit a Nginx. It was discovered by Dawid Golunski (dawid@legalhackers.com) and I saw this information from LegalHackers.com

The next video below demonstrates how an attacker using the CVE-2016-1247 vulnerability in Nginx packaging on Debian-based and Gentoo systems (such as Debian, Ubuntu, Gentoo etc.), could escalate their privileges to root user upon gaining access to the system as www-data user.
In the presented scenario, the attacker gains the local access to www-data shell by exploiting a pre-existing webapp vulnerability (File Upload) to upload a reverse shell and then proceeds to privilege escalation.

You can find the full advisory of this Nginx pkg. vulnerability (CVE-2016-1247)

learn, learning, the best security practice, ethical hacking, IT, Admin, Administrator, Server, User, Kali Linux, Phone, Download, Blog, WordPress, Free, Lab, Pentest, Pentester

[/vc_column][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”1/3″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid” offset=”vc_hidden-md vc_hidden-sm vc_hidden-xs”]
[image_with_animation image_url=”6279″ alignment=”center” animation=”Fade In” box_shadow=”none” max_width=”100%” delay=”300″][team_member image_url=”1722″ team_memeber_style=”meta_below” link_element=”none” color=”Accent-Color” name=”Daniel Morales” job_position=”Writer”][/vc_column][/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” bg_color=”#f9f9f9″ scene_position=”center” text_color=”dark” text_align=”left” top_padding=”4%” bottom_padding=”3%” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”1/1″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid”][recent_posts style=”default” category=”all” columns=”3″ title_labels=”true” posts_per_page=”3″][/vc_column][/vc_row]

Share it:

Leave a Reply

Your email address will not be published. Required fields are marked *