#Nginx 1.18 exploit in the wild!
#infosec #0day #exploit
@campuscodi
#infosec #0day #exploit
@campuscodi
https://twitter.com/_Blue_hornet/status/1512759109275242497
Some more information on the #Nginx #0day by @_Blue_hornet as shared via DM and published here with permission: 
Update on the #Nginx 1.18 #0day:
Around 20 minutes ago @_Blue_hornet started a Github Repo arround the exploit:
github.com/AgainstTheWest…
Some more hints on the Exploit:
- Related to #Spring4Shell
- Created by #BrazenEagle
- Related to ldap-auth demon used together with #Nginx
Around 20 minutes ago @_Blue_hornet started a Github Repo arround the exploit:
github.com/AgainstTheWest…
Some more hints on the Exploit:
- Related to #Spring4Shell
- Created by #BrazenEagle
- Related to ldap-auth demon used together with #Nginx
@_Blue_hornet Another Update containing a potential temporary #workaround has been pushed to Github just now.
Also confirming that #ldap-auth daemon is indeed vulnerable. Also mentioning that @Atlassian accounts are affected.
#0day #ldap #injection #nginx
Also confirming that #ldap-auth daemon is indeed vulnerable. Also mentioning that @Atlassian accounts are affected.
#0day #ldap #injection #nginx
@campuscodi So as this Tweet is getting some reach, some might be asking themselves how @_Blue_hornet operates.
@PogoWasRight did an interview with them arround 6 days ago and I think it is worth a read :)
Link:
databreaches.net/an-interview-w…
@PogoWasRight did an interview with them arround 6 days ago and I think it is worth a read :)
Link:
databreaches.net/an-interview-w…
@_Blue_hornet @Atlassian For those who want/need even more info, here is an internal message by ATW on this #exploit and its capabilities.
Seems ATW is unsure for now if it is an #LDAP issue or if its only affecting #Nginx
Seems ATW is unsure for now if it is an #LDAP issue or if its only affecting #Nginx
Ok, as this tweet get's way more exposure then I am used to, please keep the following in mind:
Everything I share is based on claims by @_Blue_hornet .
I have not seen a PoC, I have not seen a successfull exploitation and I do not know if any of this is true.
I do not warrant!
Everything I share is based on claims by @_Blue_hornet .
I have not seen a PoC, I have not seen a successfull exploitation and I do not know if any of this is true.
I do not warrant!
@_Blue_hornet @Atlassian So, in an unexpected turn of events @_Blue_hornet went dark.
They suggested its forever.
I am unsure how to procede now.
A lot of noise I willingly shared as I trusted in them and now this.
For the time beeing, I will quote my tweet from before:
They suggested its forever.
I am unsure how to procede now.
A lot of noise I willingly shared as I trusted in them and now this.
For the time beeing, I will quote my tweet from before:
https://twitter.com/Gi7w0rm/status/1512898385673658374
So it seems @_Blue_hornet has updated the Github Repo several times since my last tweet.
Nothing too important in my eyes, but mentioning it just in case:
github.com/AgainstTheWest…
At least shows that he/they are still maintaining the Repo :)
Nothing too important in my eyes, but mentioning it just in case:
github.com/AgainstTheWest…
At least shows that he/they are still maintaining the Repo :)
As several people have pointed out, it seems @nginx has released an article about the vulnerability described above. The article points out ways to mitigate and states that ONLY THE #Nginx REFERENCE IMPLEMENTATION IS AFFECTED.
nginx.com/blog/addressin…
#nginxday #0day
nginx.com/blog/addressin…
#nginxday #0day
• • •
Missing some Tweet in this thread? You can try to
force a refresh
