NOMISEC-g33xter/CVE-2020-9496

NOMISEC WORKING POC
Exploit for CVE-2020-9496 - Apache OFBiz - Insecure Deserialization
AI Analysis

This repository provides a functional exploit for CVE-2020-9496, leveraging unsafe Java deserialization in Apache OFBiz's XML-RPC endpoint to achieve remote code execution (RCE). The PoC uses ysoserial to generate a malicious payload and delivers it via a crafted XML-RPC request.

Attack Type: RCE
Complexity: moderate
Reliability: reliable
MITRE ATT&CK:
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
Source
Platform: Nomisec
Type: remote
Files: 1
Stars: 7
Forks: 1
Last Push: Apr 30, 2021
Authors: g33xter

Vulnerability
CVE-2020-9496
Apache OFBiz - Insecure Deserialization
Severity: MEDIUM (CVSS 6.1)