crash.software
Projects
Pull Requests
Issues
Builds
AllAboutBugBounty
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY AllAboutBugBounty Files
🤬
a0048665
ROOT /
Technologies /
Nginx.md
27 lines | ISO-8859-1 | 978 bytes

Nginx Common Bugs

Introduction

What would you do if you came across a website that uses Nginx?

How to Detect

Usually in the HTTP response there is a header like this Server: nginx

  1. Find the related CVE by checking nginx version
  • How to find the nginx version

By checking the response header or using 404 page, sometimes the version is printed there. If you found outdated nginx version, find the CVEs at CVE Details

  1. Directory traversal
https://example.com/folder1../folder1/folder2/static/main.css
https://example.com/folder1../%s/folder2/static/main.css
https://example.com/folder1/folder2../folder2/static/main.css
https://example.com/folder1/folder2../%s/static/main.css
https://example.com/folder1/folder2/static../static/main.css
https://example.com/folder1/folder2/static../%s/main.css
  1. Nginx status page
https://example.com/nginx_status
Please wait...
Page is in error, reload to recover