### [CVE-2014-6287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

### POC

#### Reference
- http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/39161/

#### Github
- https://github.com/0xTabun/CVE-2014-6287
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AfvanMoopen/tryhackme-
- https://github.com/Mithlonde/Mithlonde
- https://github.com/Nicoslo/Windows-exploitation-Rejetto-HTTP-File-Server-HFS-2.3.x-CVE-2014-6287
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/QuantumPhysx2/CVE-Cheat-Sheet
- https://github.com/SlizBinksman/THM-Steel_Mountain-CVE-2014-6287
- https://github.com/hadrian3689/rejetto_hfs_rce
- https://github.com/iandrade87br/OSCP
- https://github.com/karolinaras/THM-SteelMountain
- https://github.com/macosta-42/Exploit-Development
- https://github.com/mrintern/thm_steelmountain_CVE-2014-6287
- https://github.com/oplogix/Helpful-Scripts
- https://github.com/personaone/OSCP
- https://github.com/promise2k/OSCP
- https://github.com/randallbanner/Rejetto-HTTP-File-Server-HFS-2.3.x---Remote-Command-Execution
- https://github.com/refabr1k/oscp_notes
- https://github.com/rnbochsr/Steel_Mountain
- https://github.com/roughiz/cve-2014-6287.py
- https://github.com/testermas/tryhackme
- https://github.com/thepedroalves/HFS-2.3-RCE-Exploit
- https://github.com/tipotto/cheatsheet
- https://github.com/wizardy0ga/THM-Steel_Mountain-CVE-2014-6287
- https://github.com/xsudoxx/OSCP
- https://github.com/zhsh9/CVE-2014-6287