{"id":25367962,"url":"https://github.com/moften/cve-2019-20372","last_synced_at":"2026-05-17T15:34:45.639Z","repository":{"id":276362860,"uuid":"929066063","full_name":"moften/CVE-2019-20372","owner":"moften","description":"Nginx CVE-2019-20372 PoC, Unauthenticated File Upload Exploit  ","archived":false,"fork":false,"pushed_at":"2025-05-06T21:07:40.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-06T22:19:43.270Z","etag":null,"topics":["cibersecurity","nginx"],"latest_commit_sha":null,"homepage":"https://m10.com.mx","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moften.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-07T18:39:32.000Z","updated_at":"2025-05-06T21:07:44.000Z","dependencies_parsed_at":"2025-05-06T22:19:24.836Z","dependency_job_id":"50d2cbc9-bb82-49a2-8e9c-4526277d791e","html_url":"https://github.com/moften/CVE-2019-20372","commit_stats":null,"previous_names":["moften/cve_2019_20372","moften/cve-2019-20372"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/moften/CVE-2019-20372","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FCVE-2019-20372","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FCVE-2019-20372/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FCVE-2019-20372/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/
moften%2FCVE-2019-20372/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moften","download_url":"https://codeload.github.com/moften/CVE-2019-20372/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FCVE-2019-20372/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270005591,"owners_count":24510939,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-12T02:00:09.011Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cibersecurity","nginx"],"created_at":"2025-02-15T00:23:50.262Z","updated_at":"2025-10-11T04:03:56.037Z","avatar_url":"https://github.com/moften.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"PoC for CVE-2019-20372 \n# m10sec@proton.me\nDescription\n\nNGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.\n\n# CVE-2019-20372 Exploiter\n\nThis Python script is designed to run a series of security tests against a web server in order to detect the **CVE-2019-20372** vulnerability on servers running a vulnerable version of **Nginx** (1.14.2). 
In addition, the script checks the HTTP headers and the allowed methods, and makes an exploitation attempt.\n\n## Functions\n\n1. **Get the HTTP headers**:\n   - Sends a GET request to the server and displays the HTTP headers returned.\n   \n2. **Check the Nginx version**:\n   - Checks whether the server is running **Nginx** and extracts its version from the `Server` header.\n   - If the version is **1.14.2**, the **CVE-2019-20372** vulnerability could be present.\n   \n3. **Check the allowed HTTP methods**:\n   - Sends an OPTIONS request to check the HTTP methods allowed by the server.\n\n4. **Attempt to exploit the CVE-2019-20372 vulnerability**:\n   - If the server is vulnerable, it attempts to upload a malicious PHP file to execute code on the server.\n\n## Requirements\n\n- Python 3.x\n- `requests` package (install using `pip install requests`)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoften%2Fcve-2019-20372","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoften%2Fcve-2019-20372","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoften%2Fcve-2019-20372/lists"}