CVE-2010-2263

nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix


Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-2263. They comprise PoCs published by Dr_IDE and Jose A. Vazquez and the Metasploit module auxiliary/scanner/http/nginx_source_disclosure.

AI-analyzed exploit summary: The exploit demonstrates two vulnerabilities in nginx 0.8.36 on Windows: remote source disclosure via ADS (Alternate Data Stream) and remote DoS with memory corruption via encoded directory traversal. The PoC provides specific URLs to trigger these issues.

Description

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Dr_IDE · text · remote · windows
https://www.exploit-db.com/exploits/13818

The exploit demonstrates two vulnerabilities in nginx 0.8.36 on Windows: remote source disclosure via ADS (Alternate Data Stream) and remote DoS with memory corruption via encoded directory traversal. The PoC provides specific URLs to trigger these issues.

Classification: Working PoC 90%
Attack Type: DoS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: nginx 0.8.36 (Windows)
No auth needed
Prerequisites: Network access to the target nginx server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Jose A. Vazquez · text · remote · windows
https://www.exploit-db.com/exploits/13822

This is a writeup describing a source code disclosure vulnerability in NGINX versions <= 0.7.65 (stable) and 0.8.39 (development) on Windows systems due to improper handling of NTFS Alternate Data Streams (ADS). The PoC involves appending '::$data' to a file path to download its source code.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: NGINX <= 0.7.65 (stable) and <= 0.8.39 (development) on Windows
No auth needed
Prerequisites: NGINX running on Windows with vulnerable version · Access to the web server
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nginx_source_disclosure.rb

This Metasploit module exploits a source code disclosure vulnerability in nginx versions 0.7.x and 0.8.x by appending '::$data' to the URI, allowing unauthorized download of source files. It checks for vulnerable versions and saves the disclosed source code to a specified path.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: nginx versions 0.7.56-0.7.65 and 0.8.33-0.8.39
No auth needed
Prerequisites: Network access to the target nginx server · Vulnerable nginx version
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13818
Exploit, Release Notes, Third Party Advisory x_refsource_misc
http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13822
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40760

Scores

EPSS 0.7193
EPSS Percentile 99.4%

Details

CWE: CWE-200
Status: published
Products (1): f5/nginx 0.7.52 - 0.7.66
Published Jun 15, 2010
Tracked Since Feb 18, 2026