POC详情: 1a68f42e2daef9f18fd93c526ef11bd8f72f889f

来源
https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS
关联漏洞
标题: Rejetto HTTP File Server 安全漏洞 (CVE-2024-23692)
描述:Rejetto HTTP File Server(Rejetto HFS)是Rejetto公司的一款 HTTP 文件服务器。 Rejetto HTTP File Server 2.3m及之前版本存在安全漏洞,该漏洞源于存在模板注入漏洞,允许远程未经身份验证的攻击者通过发送特制的HTTP请求在受影响的系统上执行任意命令。
描述
Unauthenticated RCE Flaw in Rejetto HTTP File Server (CVE-2024-23692)
介绍
# Unauthenticated RCE Flaw in Rejetto HTTP File Server (CVE-2024-23692) - exploit code

CVE-2024-23692 is a critical vulnerability in Rejetto HTTP File Server (HFS) version 2.3m, allowing unauthenticated remote code execution (RCE).

This flaw enables attackers to execute arbitrary code on the server, posing significant security risks. In this post, we examine Rejetto HFS, the affected versions, the impact of the vulnerability, and the timeline of its discovery and remediation.

## Usage
Exploit script:
```
python3 exploit.py <target_ip> <target_port> <cmd>

# Example:
python3 exploit.py 192.168.130.100 80 calc
```

Detection script:
```
python detect.py <target_ip> <target_port>
```

## Disclaimer
This exploit script has been created solely for research and the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The script's author and owner disclaim any responsibility or liability for any misuse or damage caused by this software. Just so you know, users are urged to use this software responsibly and only by applicable laws and regulations. Use responsibly.
文件快照

 [4.0K]  /data/pocs/1a68f42e2daef9f18fd93c526ef11bd8f72f889f
├── [1.3K]  detect.py
├── [1.3K]  exploit.py
└── [1.1K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。