EXPLOITDB-EDB-47837

EXPLOITDB python VERIFIED WORKING POC

Exploit for CVE-2019-16278 - Nostromo nhttpd <1.9.6 - RCE

AI Analysis

This exploit leverages a path traversal vulnerability in nostromo 1.9.6 to achieve remote code execution by sending a maliciously crafted HTTP POST request. The payload bypasses input validation to execute arbitrary shell commands via the '.%0d' directory traversal technique.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type remote

Platform multiple

Language python

Files 1

https://www.exploit-db.com/exploits/47837

Authors

Kr0ff

Vulnerability

CVE-2019-16278

Nostromo nhttpd <1.9.6 - RCE

CRITICAL KEV

CVSS 9.8