POC详情: 3cc1cf593c87f329aaeb9705f63d604471cdf916

来源
https://github.com/Chocapikk/CVE-2024-36401
关联漏洞
标题: GeoServer 安全漏洞 (CVE-2024-36401)
描述:GeoServer是一个用 Java 编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer 存在安全漏洞,该漏洞源于不安全地将属性名称解析为 XPath 表达式,可能导致远程代码执行。
描述
GeoServer Remote Code Execution
介绍
# 🚀 GeoServer Exploit for CVE-2024-36401 🚀


## 📝 Description

**GeoServer** is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.

In versions of GeoServer earlier than **2.23.6**, versions **2.24.0** to **2.24.3**, and versions **2.25.0** to **2.25.0**, there exists a vulnerability (**CVE-2024-36401**) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.

Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.

## 🛠️ Setup

### Requirements
Install the required libraries using pip:
```sh
pip install -r requirements.txt
```

## 🚀 Usage

1. Clone the repository:
    ```sh
    git clone https://github.com/Chocapikk/CVE-2024-36401.git
    cd CVE-2024-36401
    ```

2. Run the exploit script with the required parameters:
    ```sh
    python exploit.py -u <target_url> -ip <your_ip> -port <your_port> [--proxy <proxy_url>] [--bind-host <bind_host>] [--bind-port <bind_port>]
    ```

### Example:
```sh
python exploit.py -u http://localhost:8080 -ip 192.168.1.36 -port 1337 --proxy http://127.0.0.1:8081
```

## 📜 Example Output
![Test](geo.png)

## 🙏 Credits

This exploit code was created by:
- [Chocapikk](https://github.com/Chocapikk)
- [K3ysTr0K3R](https://github.com/K3ysTr0K3R)

## ⚠️ Disclaimer

This exploit is for educational purposes only. Use it at your own risk. The author is not responsible for any damage caused by this code.
文件快照

 [4.0K]  /data/pocs/3cc1cf593c87f329aaeb9705f63d604471cdf916
├── [6.7K]  exploit.py
├── [140K]  geo.png
├── [1.8K]  README.md
└── [  30]  requirements.txt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。