CVE-2024-36401 PoC — GeoServer 安全漏洞

Source

https://github.com/whitebear-ch/GeoServerExploit

Associated Vulnerability

Title:GeoServer 安全漏洞 (CVE-2024-36401)
Description:GeoServer是一个用 Java 编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer 存在安全漏洞，该漏洞源于不安全地将属性名称解析为 XPath 表达式，可能导致远程代码执行。

Description

GeoServer（CVE-2024-36401/CVE-2024-36404）漏洞利用工具

Readme

# GeoServerExploit

![Made with Java](https://img.shields.io/badge/Made%20with-Java-%23ED8B00.svg?logo=openjdk&logoColor=white)
![GitHub Release](https://img.shields.io/github/v/release/whitebear-ch/GeoServerExploit)
![GitHub Issues or Pull Requests](https://img.shields.io/github/issues/whitebear-ch/GeoServerExploit)
![GitHub watchers](https://img.shields.io/github/watchers/whitebear-ch/GeoServerExploit)
![GitHub forks](https://img.shields.io/github/forks/whitebear-ch/GeoServerExploit)
![GitHub Repo stars](https://img.shields.io/github/stars/whitebear-ch/GeoServerExploit)

> 一款针对 GeoServer（CVE-2024-36401/CVE-2024-36404）的漏洞利用工具

本项目由 [@hony](https://github.com/h0ny/)、[@wh!te?be6ar](https://github.com/whitebear-ch) 共同开发。如果觉得这个项目对你有帮助，请别忘了点个 🌟Star 支持一下，谢谢。


## 使用示例

![img01](README.assets/img01.png)


## 致谢

- 感谢 [@Oasis。]() 的建议和帮助。


## 反馈

如果你有任何反馈，欢迎提交 [issues](https://github.com/whitebear-ch/GeoServerExploit/issues?q=)。

File Snapshot


 [4.0K]  /data/pocs/2916a489d5c727fa6a02e0b2f5d4866271c85cff
├── [4.0K]  README.assets
│   └── [332K]  img01.png
└── [1.1K]  README.md

1 directory, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!