CVE-2011-0751
nostromo < 1.9.4 - Remote Code Execution and Arbitrary File Read via Encoded Dot-Dot-Slash
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0751. PoCs published by RedTeam Pentesting GmbH.
AI-analyzed exploit summary
This exploit leverages a path traversal vulnerability in nostromo nhttpd to execute arbitrary commands via a malformed POST request. The script sends a crafted HTTP request to traverse directories and execute /bin/sh, piping the command output back to the attacker.
Description
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
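A defender-side check for the `..%2f` pattern named in the description, as an added example that is not part of the original entry or of the nostromo code base. It percent-decodes each request path repeatedly and flags paths where a `..` segment appears only after decoding, which also covers `%2e` and double-encoded variants beyond the single case in the description. The sample request lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

# Constructed sample request lines (not taken from the original page).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /docs/..%2f..%2fprivate/file.txt HTTP/1.0",
    "GET /a/%252e%252e%252fsecret HTTP/1.0",
    "GET /files/report..final.txt HTTP/1.0",
    "GET /static/../admin HTTP/1.0",
    "GET /search?q=..%2f HTTP/1.0",
]


def fully_decode(path):
    """Percent-decode until the value stops changing or the round limit hits."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_dotdot_segment(path):
    """True if any path segment is exactly '..' (slash or backslash separated)."""
    return ".." in re.split(r"[/\\]", path)


def classify(request_line):
    """Return 'clean', 'plain-traversal' or 'encoded-traversal' for the path."""
    parts = request_line.split()
    if len(parts) < 2:
        return "clean"
    raw_path = parts[1].split("?", 1)[0]  # only the path is checked, not the query
    if has_dotdot_segment(raw_path):
        return "plain-traversal"
    if has_dotdot_segment(fully_decode(raw_path)):
        return "encoded-traversal"
    return "clean"


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(f"{classify(line):18} {line}")
```

The same decode-then-check order applies on the server side: a path filter that looks for `../` before percent-decoding will not see `..%2f`.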