You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I managed to get complete access to your website in less than 10 lines of code.
As proof : logs of letsencrypt-nginx-proxy
"Info: running letsencrypt-nginx-proxy-companion version v2.0.2-3-ged07a99
Info: Custom Diffie-Hellman group found, generation skipped.
Reloading nginx proxy (nginx-proxy)...
2021/04/19 18:15:01 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
2021/04/19 18:15:01 [notice] 62#62: signal process started
2021/04/19 18:15:03 Generated '/app/letsencrypt_service_data' from 6 containers
2021/04/19 18:15:03 Running '/app/signal_le_service'
2021/04/19 18:15:03 Watching docker events
2021/04/19 18:15:04 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
Reloading nginx proxy (nginx-proxy)...
2021/04/19 18:15:07 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
2021/04/19 18:15:07 [notice] 84#84: signal process started
Creating/renewal projectlovelace.net certificates... (projectlovelace.net)
[Mon Apr 19 18:15:09 UTC 2021] Domains not changed.
[Mon Apr 19 18:15:09 UTC 2021] Skip, Next renewal time is: Sun May 30 20:19:07 UTC 2021
[Mon Apr 19 18:15:09 UTC 2021] Add '--force' to force to renew.
Sleep for 3600s
Creating/renewal projectlovelace.net certificates... (projectlovelace.net)
[Mon Apr 19 19:15:11 UTC 2021] Domains not changed.
[Mon Apr 19 19:15:11 UTC 2021] Skip, Next renewal time is: Sun May 30 20:19:07 UTC 2021
[Mon Apr 19 19:15:11 UTC 2021] Add '--force' to force to renew.
Sleep for 3600s
Creating/renewal projectlovelace.net certificates... (projectlovelace.net)
[Mon Apr 19 20:15:13 UTC 2021] Domains not changed.
[Mon Apr 19 20:15:13 UTC 2021] Skip, Next renewal time is: Sun May 30 20:19:07 UTC 2021
[Mon Apr 19 20:15:13 UTC 2021] Add '--force' to force to renew.
Sleep for 3600s
Creating/renewal projectlovelace.net certificates... (projectlovelace.net)
[Mon Apr 19 21:15:15 UTC 2021] Domains not changed.
[Mon Apr 19 21:15:15 UTC 2021] Skip, Next renewal time is: Sun May 30 20:19:07 UTC 2021
[Mon Apr 19 21:15:15 UTC 2021] Add '--force' to force to renew.
Sleep for 3600s
Creating/renewal projectlovelace.net certificates... (projectlovelace.net)
[Mon Apr 19 22:15:17 UTC 2021] Domains not changed.
[Mon Apr 19 22:15:17 UTC 2021] Skip, Next renewal time is: Sun May 30 20:19:07 UTC 2021
[Mon Apr 19 22:15:17 UTC 2021] Add '--force' to force to renew.
Sleep for 3600s
"
Look for the string "class RCELogs" in your server logs if you want the exploit code.
If you need further help to understand the exploit I can answer here but it would publicly expose the vulnerability.
The text was updated successfully, but these errors were encountered:
Hello,
I managed to get complete access to your website in less than 10 lines of code.
As proof :
logs of letsencrypt-nginx-proxyLook for the string "class RCELogs" in your server logs if you want the exploit code.
If you need further help to understand the exploit I can answer here but it would publicly expose the vulnerability.
The text was updated successfully, but these errors were encountered: