tkmru/nginx-alias-traversal-sample

Nginx alias traversal sample app

Nginx can be made vulnerable through misconfiguration. One such vulnerability is alias traversal.

How to use

A Dockerfile is provided. The sample app works on any port.

$ docker build -t nginx-traversal .
$ docker run -d -p 127.0.0.1:3000:80 nginx-traversal:latest

Tools to find

Gixy is a tool to analyze Nginx configuration.

$ gixy vulnerable.conf 

==================== Results ===================

>> Problem: [alias_traversal] Path traversal via misconfigured alias.
Description: Using alias in a prefixed location that doesn't ends with directory separator could lead to path traversal vulnerability. 
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
Pseudo config:

server {
	server_name localhost;

	location /static {
		alias /var/www/app/static/;
	}
}

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 1

A Burp extension also exists.
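
The condition Gixy reports above can also be checked with a few lines of Python. This is an added example, not code from this repository or from Gixy; it is a simplified regex scan that assumes location blocks contain no nested braces, and the sample configs are constructed from the pseudo config in the report.

```python
import re

# Constructed sample configs: the first mirrors the location from the Gixy
# report above, the second is the same location with the trailing slash added.
VULNERABLE = """
server {
    server_name localhost;
    location /static {
        alias /var/www/app/static/;
    }
}
"""
FIXED = VULNERABLE.replace("location /static {", "location /static/ {")

# location [modifier] path { ...body without nested braces... }
LOCATION_RE = re.compile(
    r"location\s+(?:(?P<mod>=|~\*|~|\^~)\s*)?(?P<path>[^\s{]+)\s*\{(?P<body>[^{}]*)\}"
)
ALIAS_RE = re.compile(r"\balias\s+(?P<target>[^;]+);")


def strip_comments(conf):
    """Drop '#' comments so commented-out directives are not reported."""
    return re.sub(r"#[^\n]*", "", conf)


def find_alias_traversal(conf):
    """Return (location_path, alias_target) for every prefix location that
    uses alias but whose path does not end with '/'."""
    findings = []
    for m in LOCATION_RE.finditer(strip_comments(conf)):
        # Exact (=) and regex (~, ~*) locations match differently; only plain
        # and ^~ prefix locations are checked here.
        if m.group("mod") in ("=", "~", "~*"):
            continue
        alias = ALIAS_RE.search(m.group("body"))
        if alias and not m.group("path").endswith("/"):
            findings.append((m.group("path"), alias.group("target").strip()))
    return findings


if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, find_alias_traversal(conf))
```

The fixed variant differs only in the trailing slash on the location path (`location /static/`), which is what makes the finding disappear.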

Case Study

Licence

The MIT License

About

Nginx alias traversal vulnerable environments for study
