2024-05-26 14:27:05 +02:00
### [CVE-2013-2028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028)
### Description
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
### POC
#### Reference
- http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html
2024-06-09 00:33:16 +00:00
- http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html
2024-05-26 14:27:05 +02:00
- https://github.com/rapid7/metasploit-framework/pull/1834
2024-06-09 00:33:16 +00:00
- https://github.com/rapid7/metasploit-framework/pull/1834
2024-05-26 14:27:05 +02:00
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/JERRY123S/all-poc
- https://github.com/Sunqiz/CVE-2013-2028-reproduction
- https://github.com/alexgeunholee/zeus-software-security
- https://github.com/anquanscan/sec-tools
- https://github.com/camel-clarkson/non-controlflow-hijacking-datasets
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/danghvu/nginx-1.4.0
- https://github.com/dyjakan/exploit-development-case-studies
- https://github.com/hktalent/TOP
- https://github.com/jbmihoub/all-poc
- https://github.com/jptr218/nginxhack
- https://github.com/kitctf/nginxpwn
- https://github.com/m4drat/CVE-2013-2028-Exploit
- https://github.com/mambroziak/docker-cve-2013-2028
- https://github.com/mertsarica/hack4career
- https://github.com/mudongliang/LinuxFlaw
- https://github.com/oneoy/cve-
- https://github.com/q40603/Continuous-Invivo-Fuzz
- https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC
- https://github.com/weeka10/-hktalent-TOP
