CVE-2020-13942

This repository provides proof-of-concept exploits for CVE-2020-13942, targeting Apache Unomi via MVEL and OGNL injection to achieve remote code execution. The PoC includes HTTP requests and curl commands to trigger the vulnerability.

The repository contains only a README with high-level steps for testing CVE-2020-13942 but lacks actual exploit code or automation scripts. It appears to be a placeholder or incomplete PoC.

This repository contains a proof-of-concept exploit for CVE-2020-13942, a pre-authentication remote code execution vulnerability in Apache Unomi. The exploit leverages a malicious JSON payload sent to the `/context.json` endpoint to execute arbitrary commands via JavaScript runtime injection.

This repository contains a Python-based exploit for CVE-2020-13942, targeting Apache Unomi's arbitrary code execution vulnerability via crafted MVEL/ONGL expressions. The PoC supports both direct command execution and reverse shell functionality.

This script exploits CVE-2020-13942, an Apache Unomi RCE vulnerability, by sending a malicious JSON payload via a POST request to execute arbitrary commands (e.g., 'id'). It checks for vulnerability by verifying the presence of the 'boom' string in the response.

This repository provides a working proof-of-concept exploit for CVE-2020-13942, an Expression Language Injection vulnerability in Apache Unomi 1.5.1. The exploit leverages MVEL expression injection to achieve remote code execution (RCE) via a crafted POST request.

This script exploits CVE-2020-13942, an Apache Unomi RCE vulnerability, by sending a malicious JSON payload via a POST request to execute arbitrary commands (e.g., 'id'). It checks for vulnerability by grepping for a specific response pattern.

This repository contains a working proof-of-concept exploit for CVE-2020-13942, targeting Apache Unomi. It includes two RCE vectors (MVEL and OGNL injection) and a Perl script to automate exploitation.

This repository provides functional exploit code for CVE-2020-13942, demonstrating OGNL and MVEL injection in Apache Unomi. The PoCs include HTTP requests that execute arbitrary commands via Runtime.exec(), with variations for Unicode encoding to bypass filters.