ofbiz-CVE-2023-49070-RCE-POC

This is a pre-auth RCE POC For CVE-2023-49070 which affected Apache ofbiz applications < 18.12.10 due to xml-rpc java deserialzation bug.
for more information please refer to : https://github.com/advisories/GHSA-9rm6-p86c-42xm

dockered vulnerable ofbiz image : https://hub.docker.com/r/marcopinball/ofbiz-demo

You must download ysoserial-all.jar from here

wget https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar

Dns POC

RCE POC

This tweets helped me alot :

This exploit has been developed by Abdelhameed Ghazy.
Twitter : https://twitter.com/abd0ghazy Linkedin : https://www.linkedin.com/in/abdelhameed-ghazy-1a50b619a/

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

exploit.py

exploit.py

Repository files navigation

ofbiz-CVE-2023-49070-RCE-POC

You must download ysoserial-all.jar from here

Dns POC

RCE POC

This tweets helped me alot :

About

Releases

Packages

Languages

abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC

Folders and files

Latest commit

History

README.md

README.md

exploit.py

exploit.py

Repository files navigation

ofbiz-CVE-2023-49070-RCE-POC

You must download ysoserial-all.jar from here

Dns POC

RCE POC

This tweets helped me alot :

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages