CVE-2008-0406

HTTP File Server < 2.2b - Denial of Service via Long Account Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0406. PoCs published by Felipe M. Aragon.

AI-analyzed exploit summary This Python script exploits multiple vulnerabilities in HFS (HTTP File Server), including DoS, XSS, and arbitrary file creation. It provides a command-line interface to interact with the target server and execute various attacks.

Description

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Felipe M. Aragon · pythonremotewindows

https://www.exploit-db.com/exploits/31056

View Code ZIP pw:eip

This Python script exploits multiple vulnerabilities in HFS (HTTP File Server), including DoS, XSS, and arbitrary file creation. It provides a command-line interface to interact with the target server and execute various attacks.

Classification

Working Poc 95%

Attack Type

Dos | Xss | Info Leak | Other

Complexity

Moderate

Reliability

Reliable

Target: HFS (HTTP File Server) versions 1.5f to 2.3 (Beta Build 174)

No auth needed

Prerequisites: Network access to the target HFS server

MITRE ATT&CK