admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-12-31 23:12:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2020-9496

Browse Source
This commit is contained in:
tardc 2020-11-27 10:16:40 +08:00
parent e95280978e
commit c98d280949
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
OFBiz/CVE-2020-9496/CVE-2020-9496.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 207 KiB

11
OFBiz/CVE-2020-9496/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2020-9496 Apache OFBiz Deserialization RCE
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
**Affected version**: Apache OFBiz 17.12.03
**[FOFA](https://fofa.so/result?q=header%3D%22Set-Cookie%3A+OFBiz.Visitor%22&qbase64=aGVhZGVyPSJTZXQtQ29va2llOiBPRkJpei5WaXNpdG9yIg%3D%3D&file=&file=) query rule**: header="Set-Cookie: OFBiz.Visitor"
# Demo
![](CVE-2020-9496.gif)