CVE-2024-23692
CRITICAL | KEV | RANSOMWARE | NUCLEI
Rejetto HTTP File Server - Template injection
Title source: nuclei
Exploitation Summary
CVE-2024-23692 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 9, 2024, with confirmed use in ransomware campaigns.
EIP tracks 16 public exploits from researchers including VeryLazyTech, verylazytech and jakabakos, as well as a Metasploit module, exploits/windows/http/rejetto_hfs_rce_cve_2024_23692.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This script scans for CVE-2024-23692, a directory traversal vulnerability in Rejetto HTTP File Server 2.3m, by attempting to read sensitive files like /etc/passwd and /etc/shadow. It does not execute arbitrary code but checks for file disclosure.
Description
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Exploits (16)
This script scans for CVE-2024-23692, a directory traversal vulnerability in Rejetto HTTP File Server 2.3m, by attempting to read sensitive files like /etc/passwd and /etc/shadow. It does not execute arbitrary code but checks for file disclosure.
The repository contains a functional bash script that exploits CVE-2024-23692, an unauthenticated RCE vulnerability in Rejetto HTTP File Server (HFS) 2.3m. The exploit crafts a malicious URL with a PowerShell command payload to achieve remote code execution.
This repository contains functional exploit and detection scripts for CVE-2024-23692, an unauthenticated RCE vulnerability in Rejetto HTTP File Server (HFS) version 2.3m. The exploit leverages a crafted HTTP GET request with a malicious search parameter to execute arbitrary commands on the target system.
This repository contains a functional exploit for CVE-2024-23692, a template injection vulnerability in Rejetto HTTP File Server (HFS) that allows remote command execution. The exploit includes a bash script for direct command execution and a Nuclei template for detection.
The repository contains a functional Python exploit for CVE-2024-23692, a template injection vulnerability in Rejetto HTTP File Server (HFS) 2.3m and earlier, allowing unauthenticated remote code execution via crafted HTTP requests.
This repository contains a functional exploit for CVE-2024-23692, targeting Rejetto HTTP File Server (HFS) versions <= 2.3. The exploit leverages a template injection vulnerability to achieve remote code execution (RCE) via crafted HTTP requests.
The repository contains a functional Python script that exploits CVE-2024-23692, a Server-Side Template Injection (SSTI) vulnerability leading to Remote Code Execution (RCE). The script sends a crafted HTTP request with a malicious payload to trigger command execution (e.g., 'ipconfig /all') and checks for vulnerability by detecting multiple 'RESULT' strings in the response.
This repository contains a functional exploit PoC for CVE-2024-23692, an unauthenticated remote code execution vulnerability in HFS 2.3. The script sends a crafted HTTP request to trigger command execution via template injection.
This repository contains a functional exploit for CVE-2024-23692, an unauthenticated Server-Side Template Injection (SSTI) vulnerability in Rejetto HTTP File Server (HFS) versions 2.4.0 RC7 and 2.3m. The exploit leverages Metasploit to achieve remote code execution (RCE) on vulnerable targets.
This repository contains functional exploit code for CVE-2024-23692, targeting memory management vulnerabilities in Borland C++ Builder applications. The code includes patches and hooks for memory allocation functions, demonstrating the ability to manipulate memory management behavior.
This repository contains a functional exploit for CVE-2024-23692, targeting HFS (HTTP File Server) versions 2.3 and below. The exploit leverages a command injection vulnerability to execute arbitrary commands on the server via a crafted HTTP request.
This repository contains a functional exploit for CVE-2024-23692, targeting HFS (HTTP File Server) versions <= 2.4 RC7. The exploit sends a crafted HTTP GET request with a command injection payload to achieve remote code execution (RCE).
The repository contains a functional exploit script for CVE-2024-23692, a Server-Side Template Injection (SSTI) vulnerability in Rejetto HFS. The script crafts a malicious HTTP request to execute arbitrary commands on the target server, demonstrating remote code execution (RCE).
This repository contains a functional Go-based exploit for CVE-2024-23692, targeting Rejetto HTTP File Server (HFS) versions 2.3 and below. The exploit sends crafted HTTP GET requests to execute arbitrary commands via template injection in the 'search' parameter.
The repository contains a functional Python script that exploits CVE-2024-23692, a Server-Side Template Injection (SSTI) vulnerability leading to Remote Code Execution (RCE). The script sends a crafted HTTP request with a malicious payload to execute arbitrary commands (e.g., 'ipconfig /all') and checks for vulnerability by detecting multiple 'RESULT' strings in the response.
This Metasploit module exploits an unauthenticated server-side template injection (SSTI) vulnerability in Rejetto HTTP File Server (HFS) 2.x, allowing remote code execution with the privileges of the user running the HFS.exe process. The exploit leverages the 'exec' macro and 'chr' macro to bypass character filtering and execute arbitrary commands.
Nuclei Templates (1)
product:"HttpFileServer httpd"
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H