Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26295 PoC — Apache OFBiz 代码问题漏洞

Source
https://github.com/yuaneuro/ofbiz-poc
Associated Vulnerability
Title:Apache OFBiz 代码问题漏洞 (CVE-2021-26295)
Description:Apache OFBiz是美国阿帕奇(Apache)基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。 Apache OFBiz prior to 17.12.06 存在安全漏洞,该漏洞源于不安全的反序列化,攻击者可利用该漏洞可以完全控制Apache OFBiz系统。
Description
CVE-2020-9496和CVE-2021-26295利用dnslog批量验证漏洞poc及exp
Readme
# ofbiz-poc
CVE-2020-9496和CVE_2020_9496利用dnslog批量验证漏洞poc及exp

## OFBiz_CVE_2020_9496.py 及 OFBiz_CVE_2021_26295.py 为单个漏洞验证

## ofbiz_poc.py 为批量验证两个漏洞,将需要批量验证的网站保存至urls.txt

### 漏洞复现请查看:[https://yuaneuro.cn/archives/ofbiz.html](https://yuaneuro.cn/archives/ofbiz.html)
File Snapshot

 [4.0K]  /data/pocs/7160d26b50d0ef41c612ca8c8e9c03bb430ae759
├── [3.4K]  OFBiz_CVE_2020_9496.py
├── [3.6K]  OFBiz_CVE_2021_26295.py
├── [ 232]  ofbiz_poc.py
├── [ 365]  README.md
├── [  15]  urls.txt
└── [ 57M]  ysoserial.jar

0 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.