Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-39943 PoC — rejetto HFS 安全漏洞

Source
https://github.com/Heyholiday067/CVE-2024-39943-Poc
Associated Vulnerability
Title:rejetto HFS 安全漏洞 (CVE-2024-39943)
Description:rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
Description
CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
Readme
# CVE-2024-39943-Poc
CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).

Deploy: ``` ./hfs --config config.yaml ```


https://github.com/truonghuuphuc/CVE-2024-39943-Poc/assets/20487674/c9e3d7ec-9181-43b5-8230-82c36fbf8a2b
File Snapshot

 [4.0K]  /data/pocs/b9c17fbaea8c4fa28f28fc0be25f62869de695ef
├── [ 199]  config.yaml
├── [ 23M]  hfs-linux.zip
├── [1.0K]  poc.py
└── [ 481]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →