Share
## https://sploitus.com/exploit?id=E7E6D46B-83A3-5E62-937F-13084516E2F5
It should be noted that the /api route used by default in the PoC is not a fixed path required to trigger the vulnerability, but rather an example path used in the current reproduction environment. During actual testing, the request path should be adjusted based on the target NGINX configuration, particularly the rewrite rule that includes overlapping capture groups and references multiple captured variables.