Video PoC Exploit for Nginx packaging on Debian-based and Gentoo distros
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker using the CVE-2016-1247 vulnerability in Nginx packaging on Debian-based and Gentoo systems (such as Debian, Ubuntu, Gentoo etc.), could escalate their privileges to root user upon gaining access to the system as www-data user.
In the presented scenario, the attacker gains the local access to www-data shell by exploiting a pre-existing webapp vulnerability (File Upload) to upload a reverse shell and then proceeds to privilege escalation.
Thanks for watching
You can find the full advisory of this Nginx pkg. vulnerability (CVE-2016-1247) and others on:
https://legalhackers.com
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://legalhackers.com
Description:
The video below demonstrates how an attacker using the CVE-2016-1247 vulnerability in Nginx packaging on Debian-based and Gentoo systems (such as Debian, Ubuntu, Gentoo etc.), could escalate their privileges to root user upon gaining access to the system as www-data user.
In the presented scenario, the attacker gains the local access to www-data shell by exploiting a pre-existing webapp vulnerability (File Upload) to upload a reverse shell and then proceeds to privilege escalation.
Thanks for watching
You can find the full advisory of this Nginx pkg. vulnerability (CVE-2016-1247) and others on:
https://legalhackers.com
To receive updates on this as well as new vulnerabilities: Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~