id: hfs-exposure
info:
name: HFS Panel - Exposure
author: tess,darses
severity: unknown
classification:
cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: rejetto
product: http_file_server
shodan-query:
- title:"HFS /"
- "Set-Cookie: HFS_SID_="
- http.favicon.hash:2124459909
tags: misconfig,hfs,exposure,panel,vuln
http:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "HFS ="
- "Build-time:"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
extractors:
- type: regex
name: server-info
group: 1
regex:
- ">HttpFileServer\\s+([\\d\\w\\.\\s]+)\\s*(随波汉化版)?</a>"
- type: kval
name: server-header
part: header
kval:
- Server
# digest: 4a0a00473045022100807fa8c6616962fc0bf8a8e1277132d33574de5b1d3be952cb471828ebf37f69022050528e3272814579ad4e73d2c70e1d9dca5cf4f97386981709c31d27bad598cc:922c64590222798bb761d5b6d8e72950