

CVE-2014-6287

Description

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

POC

Reference

- http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html

- http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html

- http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html

- https://www.exploit-db.com/exploits/39161/

Github

- https://github.com/0xTabun/CVE-2014-6287

- https://github.com/10cks/CVE-2014-6287

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AfvanMoopen/tryhackme-

- https://github.com/Esther7171/THM-Walkthroughs

- https://github.com/Esther7171/TryHackMe-Walkthroughs

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/KarimLedesmaHaron/THM-Tutoriales

- https://github.com/Lantern76/HTB_Optimum

- https://github.com/Mithlonde/Mithlonde

- https://github.com/Nicoslo/Windows-exploitation-Rejetto-HTTP-File-Server-HFS-2.3.x-CVE-2014-6287

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/QuantumPhysx2/CVE-Cheat-Sheet

- https://github.com/SlizBinksman/THM-Steel_Mountain-CVE-2014-6287

- https://github.com/Z3R0-0x30/CVE-2014-6287

- https://github.com/francescobrina/hfs-cve-2014-6287-exploit

- https://github.com/grisuno/LazyOwn

- https://github.com/hadrian3689/rejetto_hfs_rce

- https://github.com/iandrade87br/OSCP

- https://github.com/karolinaras/THM-SteelMountain

- https://github.com/macosta-42/Exploit-Development

- https://github.com/manoj3768/OSCP

- https://github.com/mrintern/thm_steelmountain_CVE-2014-6287

- https://github.com/mylovemyon/memo

- https://github.com/nika0x38/CVE-2014-6287

- https://github.com/oplogix/Helpful-Scripts

- https://github.com/personaone/OSCP

- https://github.com/pranjalsharma03/OSCP

- https://github.com/promise2k/OSCP

- https://github.com/rahisec/rejetto-http-file-server-2.3.x-RCE-exploit-CVE-2014-6287

- https://github.com/randallbanner/Rejetto-HTTP-File-Server-HFS-2.3.x---Remote-Command-Execution

- https://github.com/refabr1k/oscp_notes

- https://github.com/rnbochsr/Steel_Mountain

- https://github.com/roughiz/cve-2014-6287.py

- https://github.com/sage954526/HFS_EXPLOIT_PROJECT

- https://github.com/testermas/tryhackme

- https://github.com/thepedroalves/HFS-2.3-RCE-Exploit

- https://github.com/tipotto/cheatsheet

- https://github.com/uttambodara/Awesome-Hacking-Learning-Path

- https://github.com/w3workerz/THM-Walkthroughs

- https://github.com/wizardy0ga/THM-Steel_Mountain-CVE-2014-6287

- https://github.com/xcode96/REDME

- https://github.com/xsudoxx/OSCP

- https://github.com/zhsh9/CVE-2014-6287