milliways-infosec/CVE-2026-42945_RCE_in_Nginx-Rift
5
0
Fork 0
mirror of https://github.com/DepthFirstDisclosures/Nginx-Rift.git synced 2026-05-16 11:07:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

reorg files

Browse source
This commit is contained in:
Markakd 2026-05-12 16:39:02 -07:00
parent 90f4b4a302
commit 7fbbc54b50
7 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -2,3 +2,9 @@
**CVE:** CVE-2026-42945
**Tested on:** Ubuntu 24.04.3 LTS
## Usage
1. Run `./setup.sh` to create the container.
2. Run `docker compose -f env/docker-compose.yml up` to start the vulnerable nginx server.
3. Run `python3 poc.py --shell` to achieve RCE (Remote Code Execution).

0
Dockerfile → env/Dockerfile vendored
View file

0
docker-compose.yml → env/docker-compose.yml vendored
View file

0
entrypoint.sh → env/entrypoint.sh vendored
View file

0
nginx.conf → env/nginx.conf vendored
View file

0
server.py → env/server.py vendored
View file

10
setup.sh
View file

@ -3,17 +3,17 @@ set -e
cd "$(dirname "$0")"
echo "Building Docker image (compiles nginx from source)..."
docker compose build
docker compose -f env/docker-compose.yml build
echo ""
echo "Done. To run:"
echo ""
echo " # Terminal 1 (server) — nginx runs with ASLR disabled (setarch -R):"
echo " docker compose up"
echo " docker compose -f env/docker-compose.yml up"
echo ""
echo " # Terminal 2 (attacker):"
echo " python3 poc.py --cmd 'touch /tmp/pwned'"
echo " python3 poc.py --cmd 'echo hello from depthfirst > /tmp/pwned'"
echo ""
echo " # Verify RCE:"
echo " docker compose exec nginx ls -la /tmp/pwned"
echo " docker compose exec nginx cat /tmp/pwned"
echo " docker compose -f env/docker-compose.yml exec nginx ls -la /tmp/pwned"
echo " docker compose -f env/docker-compose.yml exec nginx cat /tmp/pwned"