漏洞描述
【漏洞对象】nostromo nhttpd 【涉及版本】nostromo nhttpd 1.9.6及其之前版本 【漏洞描述】由于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素,攻击者可利用该漏洞访问受限目录之外的位置,而且这个漏洞是因为对CVE-2011-0751漏洞的未完全修复导致攻击者可以利用类似 /../ 的路径格式绕过限制从而通过 /bin/sh来执行任意参数,即命令执行 。
nostromo nhttpd 路径遍历漏洞(CVE-2019-16278)
PoC代码
暂无相关漏洞推荐
- POC cl-te-http-smuggling: Basic CL.TE - HTTP request smuggling
- POC te-cl-http-smuggling: Basic TE.CL - HTTP Request Smuggling
- POC CVE-2001-0537: Cisco IOS HTTP Configuration - Authentication Bypass
- POC CVE-2006-1681: Cherokee HTTPD <=0.5 - Cross-Site Scripting
- POC CVE-2014-2323: Lighttpd 1.4.34 SQL Injection and Path Traversal
- POC CVE-2017-15715: Apache httpd <=2.4.29 - Arbitrary File Upload
- POC CVE-2018-16133: Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
- POC CVE-2018-18778: ACME mini_httpd <1.30 - Local File Inclusion
- POC CVE-2019-10092: Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
- POC CVE-2019-10098: Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect
- POC CVE-2020-11984: Apache HTTP Server - Remote Code Execution
- POC CVE-2024-23334: aiohttp - Directory Traversal
- POC CVE-2024-23692: Rejetto HTTP File Server - Template injection