README

Talk is cheap, just look at the code.

Detailed can be found at https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

Usage

Change the ip in shell.c
Check the docker is available and run make shell.so. (We need to build so in alpine to make sure it can works in nginx-ingress-controller which is base on musl-libc)
Run python3 exploit.py to get your shell.

You may need to change the range at line 25 and 26, which indicates the range of the pid and fd. The default value is a compromise between the speed and the success rate. You can get the target value by running kpexec -n ingress-nginx ingress-nginx-controller-xxxxxxxxx-xxxxx -it -- bash to get into container by root and run ls -ahl /proc/*/fd/* | grep body in container, when you are in proofing env.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.gitignore		.gitignore
.python-version		.python-version
Makefile		Makefile
README.md		README.md
build.sh		build.sh
exploit.py		exploit.py
pyproject.toml		pyproject.toml
req.json		req.json
req.yaml		req.yaml
shell.c		shell.c
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

README

Usage

About

Uh oh!

Releases

Packages

Uh oh!

Languages

yoshino-s/CVE-2025-1974

Folders and files

Latest commit

History

Repository files navigation

README

Usage

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages