7.5
CVSSv3

CVE-2023-32315

Published: 26/05/2023 Updated: 21/07/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn't available for a specific release, or isn't quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

Vulnerable Product

igniterealtime openfire

Github Repositories

rce

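CVE-2023-32315 0x01 Obtain the returned JSESSIONID and csrftoken, then construct a request packet to add a user (replacing JSESSIONID and csrftoken) cd CVE-2023-32315-Openfire-Bypass/scan_all go mod tidy go run maingo -u openfirecom:9090 0x02 Compile and install the plugin mvn clean package or download the plugin from releases 0x03 Upload the plugin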

Kinsing-Killer

kinsing-killer Kinsing-Killer A simple SH script to quickly kill the Kinsing virus, which affects Linux machines running vulnerable versions of docker, openfire or a postgree/sql cluster - it usually uses a secondary CVE to get into the machine and drop a miner script on your server. If you, like me, have run into this annoying little guy in your day-to-day work, I hope to have hel

A plugin for the Openfire Real-time communications server that removes entries for Openfire's authentication filter that are susceptible to abuse.

Openfire AuthFilter Sanitizer Plugin A plugin for the Openfire Real-time communications server that removes entries for Openfire's authentication filter that are susceptible to abuse (CVE-2023-32315) Installation Copy the authfiltersanitizerjar file into the plugins directory of your Openfire installation The plugin will then be automatically deployed To upgrade to a n

CVE-2023-32315-Openfire-Bypass

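CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py Overview This code is a Python version of the CVE-2023-32315 POC, used to perform a series of operations to verify whether a target website is affected by the CVE-2023-32315 vulnerability and to attempt some operations on affected websites. After verification, the cookie's csrf and jsessionid are not required; they only need to be present and correctly formatted. Lower versions around 40x do not use cs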

Perform With Massive Openfire Unauthenticated Users

CVE-2023-32315 Openfire's administrative console (the Admin Console), a web-based application, was found to be vulnerable to a path traversal attack via the setup environment This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console res

Openfire Console Authentication Bypass Vulnerability with RCE plugin

CVE-2023-32315 Openfire Console Authentication Bypass Vulnerability with RCE plugin Setup git clone githubcom/miko550/CVE-2023-32315git cd CVE-2023-32315 pip3 install -r requirementstxt Usage python3 CVE-2023-32315py -t 127001:9090 python3 CVE-2023-32315py -l liststxt Step R

CVE-2023-32315 GET /setup/setup-s/%002e%002e/Su002esu002e/logjsp HTTP/11 Host: 19216840132:9090 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/50 (Windows NT 100; Win64; X64) AppleWebKit/53736 (KHTML, like Gecko) Chrome/10905414120 Safari/53736 Accept: text/html,application/xhtml+ml,application/xml;q=09,image/avif,image/webp,image/apng ,*/*;9=08, application/sig

Tool for CVE-2023-32315 exploitation

CVE-2023-32315 Tool for CVE-2023-32315 exploitation Features: Scans single or bulk targets from txt files Utilizes multiprocessing for faster scanning Automatic login capability Installation: Make sure you're in this repo's directory and have python3 installed Install required packages using: pip install -r requirementstxt

Jab githubcom/miko550/CVE-2023-32315 grep -oP '\K[^<]+@jabhtb(?=)' outputlog | sed 's/@jabhtb//g' | sort | uniq > output_filteredlst

A PoC exploit for CVE-2023-32315 - Openfire Authentication Bypass

CVE-2023-32315 - Openfire Authentication Bypass This repository highlights a high security issue impacting various versions of Openfire Openfire, a cross-platform real-time collaboration server utilizing the XMPP protocol developed by the Ignite Realtime community, faces a severe vulnerability within its administrative console (Admin Console) The vulnerability lies within the

Simple query from the https://sploitus.com page and export the results to a file in JSON format.

sploitGET Simple query from the sploituscom page and export the results to a file in JSON format Usage >>> python3 sploitGETpy --help usage: mainpy [-h] -q QUERY [-t {exploits,tools}] [-s {default,date,score}] options: -h, --help show this help message and exit -q QUERY, --query QUERY

short writeup for machine JAB hack the box

Lab JAB - Hack The Box Walkthrough This document outlines the steps followed to complete the "JAB" lab on Hack The Box, including the commands used with IP addresses replaced by placeholders Initial Reconnaissance Kerberos Enumeration: A vulnerable Kerberos ticket for jmontgomery was identified and exploited to extract critical information without providing the exact

Recent Articles

Chinese Earth Krahang hackers breach 70 orgs in 23 countries
BleepingComputer • Bill Toulas • 18 Mar 2024

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the activity, the campaign has been underway since early 2022 and focuses primarily on government organizations. Specifically, the hackers have compromi...

IT threat evolution in Q3 2023. Non-mobile statistics
Securelist • AMR • 01 Dec 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...

Beijing-backed cyberspies attacked 70+ orgs across 23 countries
The Register

Plus potential links to I-Soon, researchers say

Chinese cyberspies have compromised at least 70 organizations, mostly government entities, and targeted more than 116 victims across the globe, according to security researchers. The Beijing-backed hacking crew, dubbed Earth Krahang, exploits public-facing servers and uses phishing emails to deploy two custom backdoors, according to Trend Micro, which has been monitoring the cyberespionage campaign since early 2022.  "One of the threat actor's favorite tactics involves using its malicious a...