Skip to content

tkmru/nginx-alias-traversal-sample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
screenshots
screenshots
 
 
Dockerfile
Dockerfile
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
index.html
index.html
 
 
vulnerable.conf
vulnerable.conf
 
 

Repository files navigation

Nginx alias traversal sample app

There is a vulnerability in Nginx that can be caused by misconfiguration. One of them is alias traversal.

top

flag

How to use

Dockerfile exists. Sample app work on any port.

$ docker build -t nginx-traversal .
$ docker run -d -p 127.0.0.1:3000:80 nginx-traversal:latest

Tools to find

Gixy is a tool to analyze Nginx configuration.

$ gixy vulnerable.conf 

==================== Results ===================

>> Problem: [alias_traversal] Path traversal via misconfigured alias.
Description: Using alias in a prefixed location that doesn't ends with directory separator could lead to path traversal vulnerability. 
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
Pseudo config:

server {
	server_name localhost;

	location /static {
		alias /var/www/app/static/;
	}
}

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 1

Also, burp extention exists.

Case Study

Licence

The MIT License

About

Nginx alias traversal vulnerable environments for study

Topics

nginx demo-app websecurity vulnerability-environment

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages