Skip to content
/ CVE-2024-23692-RCE-in-Rejetto-HFS Public

Unauthenticated RCE Flaw in Rejetto HTTP File Server (CVE-2024-23692)

6 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
detect.py
detect.py
 
 
exploit.py
exploit.py
 
 

Repository files navigation

Unauthenticated RCE Flaw in Rejetto HTTP File Server (CVE-2024-23692) - exploit code

CVE-2024-23692 is a critical vulnerability in Rejetto HTTP File Server (HFS) version 2.3m, allowing unauthenticated remote code execution (RCE).

This flaw enables attackers to execute arbitrary code on the server, posing significant security risks. In this post, we examine Rejetto HFS, the affected versions, the impact of the vulnerability, and the timeline of its discovery and remediation.

Usage

Exploit script:

python3 exploit.py <target_ip> <target_port> <cmd>

# Example:
python3 exploit.py 192.168.130.100 80 calc

Detection script:

python detect.py <target_ip> <target_port>

Disclaimer

This exploit script has been created solely for research and the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The script's author and owner disclaim any responsibility or liability for any misuse or damage caused by this software. Just so you know, users are urged to use this software responsibly and only by applicable laws and regulations. Use responsibly.

About

Unauthenticated RCE Flaw in Rejetto HTTP File Server (CVE-2024-23692)

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages