HttpFileServer 2.3.x Remote Command Execution Vulnerability

ID 1337DAY-ID-22640
Type zdt
Reporter Daniele Linguaglossa
Modified 2014-09-13T00:00:00


Exploit for multiple platform in category remote exploits

                                            Affected software:
Version : 2.3x
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage:
# Software Link:
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287

issue exists due to a poor regex in the file ParserLib.pas

function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;

it will not handle null byte so a request to


will stop regex from parse macro , and macro will be executed and remote code injection happen.

# [2018-04-13]  #