intitle:"HFS" AND intext:"httpfileserver 2.3" AND -intext:"remote"
# Dork: intitle:"HFS" AND intext:"httpfileserver 2.3" AND
-intext:"remote"
# Author: Alexander Ahmann
# Email: hackermaneia@riseup.net
# Date: 11 March, 2022
# Category: Vulnerable Servers
Thapa (2016) devised an exploit targeting version 2.3 of Rejetto.com
(n.d.)'s "HTTP File Server." Thapa included the Google dork
'intext:"httpfileserver 2.3"' as a means to find webservers on the
internet running the vulnerable service. However, there is a limitation
with this dork, as it instructs Google's search engine to list websites
which includes web pages with the text "httpfileserver 2.3" in it. This
will cause Google search to report security bulletins discussing the
vulnerability.
To mitigate this problem, I present a slight modification of Thapa's
Google dork to "filter out" said security bulletins: 'intitle:"HFS" AND
intext:"httpfileserver 2.3" AND -intext:"remote"' (without single
quotes, with double quotes). Elaborating on the components of my
modified Google dork:
1. 'intitle:"HFS"' will report web pages with the string "HFS" in the
metatag. This is a feature that I have identified unique to
Rejetto.com (n.d.)'s HTTP File Server.
2. 'intext:"httpfileserver 2.3"' will report web pages with the string
"httpfileserver 2.3" in its body. This is a feature that Thapa (2016)
identified in Rejetto.com (n.d.)'s HTTP File Server.
3. '-intext:"remote"' will "filter out" web pages with the string
"remote" in its body. I have identified this string as a feature of
security bulletins reporting on the Rejetto.com (n.d.)'s HTTP File
Server vulnerability.
The "AND" boolean operator is used to narrow down the search results and
decrease the rate of false positives.
References
----------
Rejetto.com (n.d.). HFS ~ HTTP File Server. Retrieved on Mar. 11, 2022
from: http://rejetto.com/hfs/
Thapa, A. K. (2016). Rejetto HTTP File Server (HFS) 2.3.x - Remote
Command Execution (2). Exploit Database. Retrieved on Mar. 11, 2022
from: https://www.exploit-db.com/exploits/39161