支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:702

70.2%
立即捐款

POC详情: 1047373398dafa8c30a6b9241debcdfc1c7e9272

来源
https://github.com/luizgaf/CVE-2024-32113-Exploit
关联漏洞
标题:Apache OFBiz 路径遍历漏洞 (CVE-2024-32113)
描述:Apache OFBiz是美国阿帕奇(Apache)基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。 Apache OFBiz 18.12.13之前版本存在路径遍历漏洞,该漏洞源于受限目录路径名不正确限制。
描述
CVE-2024-32113-Apache-OFBiz<18.12.13-Exploit
介绍
# CVE-2024-32113 Exploit

Apache OFBiz Path Traversal to RCE exploit.

## Description

CVE-2024-32113 is a Path Traversal vulnerability that leads to Remote Code Execution (RCE) in Apache OFBiz.

**Vulnerability**: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.

**Affected Versions**: Apache OFBiz before 18.12.13

**Solution**: Upgrade to version 18.12.13

## Usage

```bash
./exploit.py IP:PORT
```

Example:
```bash
./exploit.py 10.10.10.10:8443
```

Once connected, type commands to execute on the remote system.

<img width="1237" height="314" alt="image" src="https://github.com/user-attachments/assets/9584a6f5-b4f5-4e72-8605-5a0f3abfc416" />

## References

- https://nvd.nist.gov/vuln/detail/cve-2024-32113
- https://issues.apache.org/jira/browse/OFBIZ-13006
- https://github.com/Mr-xn/CVE-2024-32113

## Disclaimer

This tool is for educational and authorized testing purposes only.
文件快照

 [4.0K]  /data/pocs/1047373398dafa8c30a6b9241debcdfc1c7e9272
├── [2.2K]  exploit.py
└── [ 957]  README.md

1 directory, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。