Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467

Apache OFBiz is an open source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

CVE-2023-49070 is a pre-authentication Remote Code Execution (RCE) vulnerability which has been identified in Apache OFBiz 18.12.09. The issue stems from the presence of XML-RPC, which is no longer maintained but remains in the system.

CVE-2023-51467 permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.

Affected versions: 18.12.10 and below

This exploit scans whether the provided target is vulnerable and also exploits it depending on the choice of the user.

Usage: python3 exploit.py https://localhost:8443/

Reference: https://www.prio-n.com/blog/cve-2023-49070-51467-attacking-defending-Apache-OFBiz

Note: You should have the ysoserial-all.jar file in the same directory as the exploit. You can either download it from this repo or from https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar.

If the serialization does not happen or if the exploit is not successful due to some reason, follow the steps below to downgrade your java version and try again.

update-java-alternatives --list

sudo update-java-alternatives --set /usr/lib/jvm/java-1.11.0-openjdk-amd64

sudo update-java-alternatives --set <Any_lower_compatible_version>

Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited.