CVE-2010-2263

The exploit demonstrates two vulnerabilities in nginx 0.8.36 on Windows: remote source disclosure via ADS (Alternate Data Stream) and remote DoS with memory corruption via encoded directory traversal. The PoC provides specific URLs to trigger these issues.

This is a writeup describing a source code disclosure vulnerability in NGINX versions <= 0.7.65 (stable) and 0.8.39 (development) on Windows systems due to improper handling of NTFS Alternate Data Streams (ADS). The PoC involves appending '::$data' to a file path to download its source code.

This Metasploit module exploits a source code disclosure vulnerability in nginx versions 0.7.x and 0.8.x by appending '::$data' to the URI, allowing unauthorized download of source files. It checks for vulnerable versions and saves the disclosed source code to a specified path.