POC详情: 6b27c577b7ea8a15559c8e89c9664046d9f88c4c

来源
https://github.com/justin-p/geoexplorer
关联漏洞
标题: GeoServer 安全漏洞 (CVE-2024-36401)
描述:GeoServer是一个用 Java 编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer 存在安全漏洞,该漏洞源于不安全地将属性名称解析为 XPath 表达式,可能导致远程代码执行。
描述
Mass scanner for CVE-2024-36401
介绍
# GeoExplorer

GeoExplorer is a mass scanner project consisting of a client and server component designed to test GeoServer instances for CVE-2024-36401 and log successful exploitations.

## Project Structure

- `client/`: Contains the client-side Python script for sending specially crafted requests to abuse CVE-2024-36401 on GeoServer instances.
- `server/`: Contains the server-side async FastAPI application for logging incoming requests from exploited servers.

## Getting Started

1. Set up the server component by following the instructions in `server/README.md`.
2. Use the client component as described in `client/README.md`.

## License

This project is licensed under the MIT License.
文件快照

 [4.0K]  /data/pocs/6b27c577b7ea8a15559c8e89c9664046d9f88c4c
├── [4.0K]  client
│   ├── [6.0K]  main.py
│   ├── [1.0K]  README.md
│   └── [  25]  requirements.txt
├── [1.0K]  LICENSE
├── [ 697]  README.md
└── [4.0K]  server
    ├── [ 314]  docker-compose.yml
    ├── [ 205]  Dockerfile
    ├── [2.4K]  main.py
    ├── [4.0K]  __pycache__
    │   └── [3.2K]  main.cpython-39.pyc
    ├── [1.3K]  README.md
    └── [  62]  requirements.txt

3 directories, 11 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。