# N/A
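## Overview
A directory traversal vulnerability exists in the http_verify function of nostromo nhttpd 1.9.6 and earlier. An attacker can achieve remote code execution by sending a crafted HTTP request.
## Affected versions
- nostromo nhttpd 1.9.6 and earlier
## Details
The vulnerability is in the http_verify function of the nostromo nhttpd component. Because user input is handled improperly, an attacker can trigger directory traversal with a specially crafted HTTP request and go on to achieve remote code execution.
## Impact
Successful exploitation lets an attacker execute arbitrary code on the target system and take full control of it.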
# | PoC description | Source link | Shenlong link |
---|---|---|---|
1 | Directory traversal to remote code execution | https://github.com/jas502n/CVE-2019-16278 | PoC details |
2 | CVE-2019-16728 Proof of Concept | https://github.com/imjdl/CVE-2019-16278-PoC | PoC details |
3 | CVE-2019-16278 Nostromo httpd command execution | https://github.com/ianxtianxt/CVE-2019-16278 | PoC details |
4 | CVE-2019-16278 Python3 Exploit Code | https://github.com/darkerego/Nostromo_Python3 | PoC details |
5 | A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on. | https://github.com/AnubisSec/CVE-2019-16278 | PoC details |
6 | Python script to exploit RCE in Nostromo nhttpd <= 1.9.6. | https://github.com/theRealFr13nd/CVE-2019-16278-Nostromo_1.9.6-RCE | PoC details |
7 | (Nhttpd) Nostromo 1.9.6 RCE due to Directory Traversal | https://github.com/Kr0ff/cve-2019-16278 | PoC details |
8 | CVE-2019-16278: RCE vulnerability in the Nostromo web server | https://github.com/NHPT/CVE-2019-16278 | PoC details |
9 | Exploit for the CVE-2019-16278 vulnerability | https://github.com/keshiba/cve-2019-16278 | PoC details |
10 | None | https://github.com/crypticdante/CVE-2019-16278 | PoC details |
11 | A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Only takes in host and port of web server as required arguments. | https://github.com/alexander-fernandes/CVE-2019-16278 | PoC details |
12 | This is an exploit of CVE-2019-16278 for Nostromo 1.9.6 RCE. This exploit allows RCE on the victim machine. | https://github.com/FredBrave/CVE-2019-16278-Nostromo-1.9.6-RCE | PoC details |
13 | Nostromo 1.9.6 reverse shell | https://github.com/0xTabun/CVE-2019-16278 | PoC details |
14 | None | https://github.com/H3xL00m/CVE-2019-16278 | PoC details |
15 | Python script to exploit RCE in Nostromo nhttpd <= 1.9.6. | https://github.com/aN0mad/CVE-2019-16278-Nostromo_1.9.6-RCE | PoC details |
16 | None | https://github.com/n3ov4n1sh/CVE-2019-16278 | PoC details |
17 | None | https://github.com/c0d3cr4f73r/CVE-2019-16278 | PoC details |
18 | None | https://github.com/Sp3c73rSh4d0w/CVE-2019-16278 | PoC details |
19 | None | https://github.com/0xwh1pl4sh/CVE-2019-16278 | PoC details |
20 | None | https://github.com/N3rdyN3xus/CVE-2019-16278 | PoC details |
21 | None | https://github.com/NyxByt3/CVE-2019-16278 | PoC details |
22 | None | https://github.com/h3xcr4ck3r/CVE-2019-16278 | PoC details |
23 | None | https://github.com/n3rdh4x0r/CVE-2019-16278 | PoC details |
24 | This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only. | https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE | PoC details |
25 | An unauthenticated attacker can force server points to a shell file like ‘/bin/sh’ and execute arbitrary commands due to the failure in verifying the URL which leads to path traversal to any file that exists in the system. Nostromo’s versions such as 1.9.6 fail to verify this URL | https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution | PoC details |
26 | nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-16278.yaml | PoC details |
27 | None | https://github.com/h3x0v3rl0rd/CVE-2019-16278 | PoC details |