Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-36401 PoC — GeoServer 安全漏洞

Source
https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin
Associated Vulnerability
Title:GeoServer 安全漏洞 (CVE-2024-36401)
Description:GeoServer是一个用 Java 编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer 存在安全漏洞,该漏洞源于不安全地将属性名称解析为 XPath 表达式,可能导致远程代码执行。
Description
CVE-2024-36401-GeoServer Property 表达式注入 Rce woodpecker-framework 插件
Readme
# CVE-2024-36401-WoodpeckerPlugin
## 安装
下载源码执行
```bash
   mvn package 
```
将 target 下的jar包放在 [woodpecker-framework](https://github.com/woodpecker-framework/)  下的 plugin 文件夹中
不想自编译,可以直接下载 CVE-2024-36401-WoodpeckerPlugin-1.0-SNAPSHOT-all.jar 附件,放入 woodpecker-framework 下的 plugin 文件夹中


## 简介

![img.png](assets/img1.png)


## Poc探测
![img.png](assets/img2.png)

## Exp利用

poc探测完,右键发送到Exploit

![img.png](assets/img3.png)

在 command=xx,xx为执行的任意命令

![img.png](assets/img4.png)

## 内存马注入

doing
File Snapshot

 [4.0K]  /data/pocs/b6b8ffc8d4df899cba8a270bcd7afe3dfe1ebef5
├── [1.0K]  assembly.xml
├── [4.0K]  assets
│   ├── [148K]  img1.png
│   ├── [179K]  img2.png
│   ├── [195K]  img3.png
│   └── [ 61K]  img4.png
├── [3.4K]  pom.xml
├── [ 633]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  me
                └── [4.0K]  gv7
                    └── [4.0K]  woodpecker
                        └── [4.0K]  plugin
                            ├── [4.0K]  exploits
                            │   └── [7.7K]  Exploit.java
                            ├── [4.0K]  pocs
                            │   └── [8.5K]  Poc.java
                            ├── [4.0K]  utils
                            │   └── [1.5K]  Utils.java
                            ├── [1.3K]  VulPluginInfo.java
                            └── [ 746]  WoodpeckerPluginManager.java

11 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.