CVE-2023-25157 PoC — GeoServer SQL注入漏洞

Source

Associated Vulnerability

Description

Geoserver SQL Injection Exploit

Readme

# Geoserver SQL Injection Exploit

In this year, a cve  got published  for Geoserver with the ID CVE-2023-25157.  
I saw this vulnerability in one of my projects and tried to exploit it.  
And here it is, the complete exploit.  
In this repo([https://github.com/0x2458bughunt/CVE-2023-25157](https://github.com/0x2458bughunt/CVE-2023-25157)) you can use the detector to find out what tergets have the technology and vulnerability.
After using detector, you can use my code for exploiting those.

## How to Run:
  You Should install "requests" with this command first:  
     ```
     pip install requests
     ```  
  At the second, create an input text file and insert the targets in it(Like www.example.com or 1.1.1.1:8080).Be aware, you should insert one target per line.  
  Then, Run the program like this:  
    ```
    python3 main.py Input.txt
    ```  
  or  
  ```
  python3 main.py
  Urls File: Input.txt
```
Use & Enjoy  😇😇😇😇  
# Refrences
  https://github.com/geoserver/geoserver/blob/main/README.md  
  https://www.acunetix.com/vulnerabilities/web/geoserver-sqli-cve-2023-25157/  
  https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158  
  https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158  
  https://medium.com/@knownsec404team/geoserver-sql-injection-vulnerability-analysis-cve-2023-25157-413c1f9818c3  
  https://github.com/0x2458bughunt/CVE-2023-25157  
# Contact Me
 If you had any question or order cantact me through my e-mail: dctfp@protonmail.com

File Snapshot

 [4.0K]  /data/pocs/50f4d5494ee9b46e647f1e50fe85da944c4e41f1
├── [9.0K]  dbFinder.py
├── [ 494]  main.py
└── [1.5K]  README.md

0 directories, 3 files

Remarks