nginx-vhost-traffic-status: Nginx Vhost Traffic Status

漏洞描述

PoC代码[已公开]

id: nginx-vhost-traffic-status

info:
  name: Nginx Vhost Traffic Status
  author: geeknik
  severity: low
  description: Nginx Vhost Traffic status is exposed.
  reference:
    - https://github.com/vozlt/nginx-module-vts
  metadata:
    max-request: 1
  tags: status,nginx,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/status"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Nginx Vhost Traffic Status"
          - "Host"
          - "Zone"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022050940c10a9b3efd0d121aeb8fda3e7087eaada9b12cd75b6042f2fd89009ceab022052ac2d75c4b4fb4b968daa58dda1908c3fe5d43237a4c256afc060e7cee8c20f:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• nginxWebUI cmdOver 远程命令执行漏洞
• POC CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution
• POC CVE-2025-1097: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
• POC CVE-2025-1098: Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
• POC CVE-2025-1974: Ingress-Nginx Controller - Remote Code Execution
• POC CVE-2025-24514: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
• POC nginx-merge-slashes-path-traversal: Nginx Merge Slashes Path Traversal
• POC nginxwebui-admin-bypass: NginxWebUI admin认证绕过（全版本通杀）
• POC nginxwebui-rce: Nginx Web UI RCE
• POC phpstudy-nginx-wrong-resolve: Phpstudy Nginx Wrong Resolve
• POC file-disable-nginx-server-tokens: Disbale Nginx Server Tokens
• POC file-missing-nginx-bof-protection: Missing Nginx Buffer Overflow Protection
• POC file-missing-nginx-xss-protection: Missing Nginx XSS Protection