HttpFileServer 2.3.x Remote Command Execution

Google Dork: intext:"httpfileserver 2.3"
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287

issue exists due to a poor regex in the file ParserLib.pas

function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;

it will not handle null byte so a request to


HttpFileServer 2.3.x