rejetto forum

Warning: HFS v2.x has a severe vulnerability

LeoNeeson · 32 · 137051


Offline danny

Edit:  Here is an approach with Auto-Ban.   This will not catch everything--keep scrolling, several posts further down.
in hfs.events (alt+f6)
Code:
[+request]
{.if|{.match|*filter=*.exec*;*search=*.exec*;*.exec*;*%host%*;*_host_*;*cmd.exe*;*&cmd=*;*powershell+*;*/wp-includes/*|%url%.}|{:
{.set|n|{.from table|#tries|%ip%.}.}{.inc|n.}{.set table|#tries|%ip%={.^n.}.}
{.if|{.{.^n.} > 0.}|{:
{.set ini|ban-list={.no pipe|{.from table|#ini|ban-list.}%ip%#AutoBan {.time.}.}.}{.set table|#tries|%ip%=0.}
:}/if.}
{.disconnect.}{.add to log|%ip% %user% BANNED FOR POSSIBLE SECURITY THREAT.}:}.}
Note:  This is possibly useful in combination with the TINYWALL firewall project, an egress blocking firewall, whereby you'd let through (allow) your web browser, HFS (possibly unblock lan), and very little else.  Newer version or there is also older version (for older server).
« Last Edit: July 10, 2025, 01:55:24 AM by danny »
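
An offline triage sketch for the pattern list in the event script above, added here as an example (it is not part of any post and is not HFS code): it applies the same wildcard patterns to request URLs taken from a log and counts hits per client IP, as the script's #tries table does. Assumptions: Python's fnmatch approximates HFS {.match.} wildcards, %host% is treated as literal text, and the log lines and their `ip "METHOD url"` layout are constructed.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase
from urllib.parse import unquote

# Pattern list copied from the [+request] script above (semicolon-separated).
# Assumption: fnmatch-style '*' approximates HFS {.match.}; %host% stays literal.
PATTERNS = ("*filter=*.exec*;*search=*.exec*;*.exec*;*%host%*;*_host_*;*cmd.exe*;"
            "*&cmd=*;*powershell+*;*/wp-includes/*").split(";")

# Constructed sample lines (hypothetical layout: ip "METHOD url"); not real HFS output.
SAMPLE_LOG = '''\
203.0.113.7 "GET /?search=PLACEHOLDER.exec.PLACEHOLDER"
203.0.113.7 "GET /wp-includes/PLACEHOLDER.php"
198.51.100.4 "GET /files/report.pdf"
198.51.100.9 "GET /?search=PLACEHOLDER%2Eexec"
192.0.2.15 "GET /index?a=1&cmd=PLACEHOLDER"
'''

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST|HEAD) (\S+)"$')

def matched_patterns(url):
    """Return the patterns that hit the URL, case-insensitively.

    Logs may record a URL percent-encoded, so the raw and the decoded
    form are both checked.
    """
    forms = {url.lower(), unquote(url).lower()}
    return [p for p in PATTERNS if any(fnmatchcase(f, p.lower()) for f in forms)]

def triage(log_text):
    """Count pattern hits per client IP; lines that do not parse are skipped."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and matched_patterns(m.group(2)):
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    for ip, n in triage(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} request(s) matching the filter patterns")
```

The counts are a review aid for an administrator reading the log; they say nothing about whether a request succeeded.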


Offline LeoNeeson

in hfs.events (alt+f6)
Code:
[+request]
{.if|{.match|*filter=*.chr*;*search=*.chr*;*filter=*.save*;*search=*.save*;*filter=*.section*;*search=*.section*;*filter=*.break*;*search=*.break*;*filter=*.move*;*search=*.move*;*filter=*.set*;*search=*.set*;*filter=*_host_*;*search=*_host_*;*filter=*%host%*;*search=*%host%*;*filter=*.exec*;*search=*.exec*;*.exec*;*%host%*;*_host_*;*.chr*;*.exe*;*.bat*;*.ps*;*.com*;*.php*;*.py*;*.vbs*|%url%.}|{:{.disconnect.}{.add to log|%ip% %user% IS DENIED.}:}.}

Is that a good approach?  And, if so, how much of that filter is actually needed?  Thanks!!!
Hey Danny, good to see you again! :D

Unfortunately, none of those filters are going to stop this vulnerability, and they're not really useful in this specific situation. You can use them if you want, but they won't do anything to prevent this.

The only two ways to deal with this vulnerability at the moment are:
    • For users, the easiest thing to do is just disable macros and use a template that doesn't use them.
    • For programmers, the other option is recompiling the executable (after fixing the function that allows this vulnerability).

    - To disable macros, follow these steps, described HERE.
    - Then, you can use a template like these, found HERE.

    (That should keep you safe from the vulnerability!)

    That’s all we've got for now. Hope it helps! :)

    Cheers,
    Leo.-
    HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
    » Currently taking a break, until HFS v2.4 gets its stable version.