PoC details: 1047373398dafa8c30a6b9241debcdfc1c7e9272

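Source
Related vulnerability
Title: Apache OFBiz path traversal vulnerability (CVE-2024-32113)
Description: Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (USA). It provides a full suite of Java-based web application components and tools. Apache OFBiz versions before 18.12.13 contain a path traversal vulnerability, which stems from improper limitation of a pathname to a restricted directory.
Description
CVE-2024-32113-Apache-OFBiz<18.12.13-Exploit
Introduction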
# CVE-2024-32113 Exploit

Apache OFBiz Path Traversal to RCE exploit.

## Description

CVE-2024-32113 is a Path Traversal vulnerability that leads to Remote Code Execution (RCE) in Apache OFBiz.

**Vulnerability**: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.

**Affected Versions**: Apache OFBiz before 18.12.13

**Solution**: Upgrade to version 18.12.13

## Usage

```bash
./exploit.py IP:PORT
```

Example:
```bash
./exploit.py 10.10.10.10:8443
```

Once connected, type commands to execute on the remote system.

<img width="834" height="208" alt="image" src="https://github.com/user-attachments/assets/f43582b3-f1eb-499f-a815-644d9d5f2b4d" />


## References

- https://nvd.nist.gov/vuln/detail/cve-2024-32113
- https://issues.apache.org/jira/browse/OFBIZ-13006
- https://github.com/Mr-xn/CVE-2024-32113

## Disclaimer

This tool is for educational and authorized testing purposes only.
File snapshot

[4.0K] /data/pocs/1047373398dafa8c30a6b9241debcdfc1c7e9272
├── [2.2K] exploit.py
└── [ 957] README.md

0 directories, 2 files