CVE-2024-23692 PoC — Rejetto HTTP File Server Security Vulnerability

Source
Associated Vulnerability
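Title: Rejetto HTTP File Server Security Vulnerability (CVE-2024-23692)
Description: Rejetto HTTP File Server (Rejetto HFS) is an HTTP file server from Rejetto. Rejetto HTTP File Server versions 2.3m and earlier contain a security vulnerability that stems from a template injection flaw, which allows a remote unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.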
Description
CVE-2024-23692
Readme
## CVE-2024-23692

#### Usage: go run hfs.go -h
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/0.PNG)

#### go run hfs.go -u http://127.0.0.1
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/1.png)

#### go run hfs.go -u http://127.0.0.1 -dns  // uses ceye.io by default (requires configuration)
#### go run hfs.go -u http://127.0.0.1 -dns -d abc.cn  // specify the DNSLOG domain
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/2.png)

#### go run hfs.go -u http://127.0.0.1 -cmd  // enter the command line
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/3.PNG)

*Tips: DNSLOG detection uses ceye.io by default. To use it, configure the config.ini file in the config directory.*

*No exe is packaged; you can build one yourself.*
File Snapshot

[4.0K] /data/pocs/2a84728db6de6140f2fb09127394490934a78d96
├── [4.0K] ceye
│   └── [1.7K] ceye.go
├── [4.0K] config
│   ├── [ 584] conf.go
│   └── [ 40] config.ini
├── [4.0K] cve
│   └── [6.0K] cve_2024_23692.go
├── [ 121] go.mod
├── [ 304] go.sum
├── [2.7K] hfs.go
├── [4.0K] img
│   ├── [ 24K] 0.PNG
│   ├── [6.1K] 1.png
│   ├── [ 67K] 2.png
│   └── [ 11K] 3.PNG
├── [4.0K] newClient
│   └── [7.4K] returnClient.go
├── [ 714] README.md
└── [4.0K] tools
    ├── [1.7K] args.go
    └── [1.1K] utils.go

6 directories, 15 files