Author Topic: Exploits  (Read 3868 times)


Offline portfolis

  • Occasional poster
  • *
  • Posts: 3

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 841
  • I'm only trying to help i mean no offense.
Re: Exploits
« Reply #1 on: July 16, 2015, 12:57:50 PM »
Re-read your database, they have been fixed:

https://www.exploit-db.com/exploits/34852/ applies to these hfs versions: HTTP File Server 2.3a - 2.3b - 2.3c ...


https://www.exploit-db.com/exploits/34668/ was the original 0day exploit on the forum that has been solved...

Has already been patched, another "programmer / ethical hacker" Author: metasploit https://www.exploit-db.com/exploits/34926/ vulnerable to remote command execution attack due to a poor regex in the file ParserLib.pas (the 0day exploit, some detail in the code...

https://www.exploit-db.com/exploits/30850/ applies to these hfs versions: versions prior to HTTP File Server 2.2b

----------------------^ have been patched ^---------------------------

I would have rejetto double check these two, as it goes over code, unsure if it's a script that Author: Felipe M. Aragon has done, but is news to me... Probably have been patched by now...

https://www.exploit-db.com/exploits/31056/ ??? DoS attack
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline portfolis

  • Occasional poster
  • *
  • Posts: 3
Re: Exploits
« Reply #2 on: July 16, 2015, 09:25:57 PM »
Thank you very much for your answer

So, what do you advise me to do with this https://www.exploit-db.com/exploits/31056/ ? Is it fixed, or is it better to wait for a new version of HFS?

Offline Mars

  • Operator
  • Tireless poster
  • *****
  • Posts: 1876
Re: Exploits
« Reply #3 on: July 16, 2015, 10:04:00 PM »
EDB-ID: 31056    CVE: 2008-0406    OSVDB-ID: 42509
Verified:    Author: Felipe M. Aragon    Published: 2008-01-23
Download Exploit: Source Raw    Download Vulnerable App: N/A


One has only to look at the date of publication to realize that HFS has evolved in security -> obsolete threat




Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 841
  • I'm only trying to help i mean no offense.
Re: Exploits
« Reply #4 on: July 16, 2015, 10:33:32 PM »
> Thank you very much for your answer
>
> So, what do you advise me to do with this https://www.exploit-db.com/exploits/31056/ ? Is it fixed, or is it better to wait for a new version of HFS?

I totally forgot to look at the date on that one... :p

Thank you Mars, so yeah, so far, the exploits are all patched... (the ones reported anyways...)
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline portfolis

  • Occasional poster
  • *
  • Posts: 3
Re: Exploits
« Reply #5 on: July 17, 2015, 08:47:57 PM »
Ok
Thank you

Offline username1565

  • Occasional poster
  • *
  • Posts: 31
Re: Exploits
« Reply #6 on: February 27, 2019, 04:11:12 PM »
What is this: https://www.exploit-db.com/exploits/39161
Is this fixed? How to fix this?

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 841
  • I'm only trying to help i mean no offense.
Re: Exploits
« Reply #7 on: March 01, 2019, 01:31:47 PM »
> What is this: https://www.exploit-db.com/exploits/39161
> Is this fixed? How to fix this?

Yes, that was the original 2014 remote command verio. The bug was in the search setting with the template, in which special characters when searched (such as the null byte). This has been patched by multiple versions atm.
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1
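
Added example, not part of the post above and not HFS code: a defender-side check that scans request log lines for a `search` parameter carrying a null byte or other control character, including double-encoded forms, which is the kind of input the reply describes. The log line layout, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines. The "time peer Requested METHOD target" layout is an
# assumption for illustration; adapt REQUEST_RE to the log format you actually have.
SAMPLE_LOG = """\
10:01:12 198.51.100.7:50311 Requested GET /?search=holiday+photos
10:01:40 203.0.113.9:40122 Requested GET /?search=%00AAAA
10:02:03 203.0.113.9:40125 Requested GET /docs/?sort=name&search=%2500BBBB
10:02:30 198.51.100.7:50340 Requested GET /docs/report.pdf
"""

REQUEST_RE = re.compile(r"^(\S+)\s+(\S+)\s+Requested\s+([A-Z]+)\s+(\S+)")


def control_codes(value):
    """Return the sorted code points of C0 control characters and DEL in value."""
    return sorted({ord(c) for c in value if ord(c) < 0x20 or ord(c) == 0x7F})


def scan(log_text, param="search"):
    """Return (line_no, peer, codes) for each request whose `param` holds control bytes."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed layout
        peer, target = m.group(2), m.group(4)
        query = urlsplit(target).query
        # parse_qsl percent-decodes once; latin-1 keeps every byte as one character.
        for name, value in parse_qsl(query, keep_blank_values=True, encoding="latin-1"):
            if name.lower() != param:
                continue
            # Decode a second time so double-encoded input (%2500) is caught too.
            codes = control_codes(value) or control_codes(unquote(value, encoding="latin-1"))
            if codes:
                findings.append((line_no, peer, codes))
    return findings


if __name__ == "__main__":
    for line_no, peer, codes in scan(SAMPLE_LOG):
        print(f"line {line_no}: {peer} sent control bytes {codes} in the search parameter")
```

A hit only shows that someone sent such a request; whether it had any effect depends on the HFS version that received it.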

Offline username1565

  • Occasional poster
  • *
  • Posts: 31
Re: Exploits
« Reply #8 on: March 15, 2019, 04:34:54 PM »
What is this I see near the HFS executable file?
UPD: Version of hfs.exe and hashes, you can see here

Inside the folder %TEMP%, which I did not see earlier, I see *.vbs files with the following code:
Is this exploit or not?

« Last Edit: March 16, 2019, 11:27:11 AM by username1565 »

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12946
Re: Exploits
« Reply #9 on: March 17, 2019, 05:32:32 PM »
I'm sorry but you were clearly attacked because of some bug.
I read from another topic that you are using 2.3a, and that explains all.
Sadly, in the world of server software you cannot stay behind updates and be exposed on the internet. You could only if you stayed in a closed and safe environment, or if you do detailed research and find that no update you are missing contains critical fixes.