Nginx

Path traversal via misconfigured NGINX alias

https://example.com/static../ returns the same response as https://example.com/

Burp extension

Tools

./navgix scan -u http://vulnerable.com/                                     
[navgix 2024-12-23_02:12:17.731403583] starting scan on http://vulnerable.com/
[navgix 2024-12-23_02:12:17.830559043] Vulnerable: http://vulnerable.com/assets../
[navgix 2024-12-23_02:12:17.926859226] Vulnerable: http://vulnerable.com/assets../

PreviousTomcat CGI NextIIS

Last updated 25 days ago