CVE-2020-9496

This repository provides a functional exploit for CVE-2020-9496, leveraging unsafe Java deserialization in Apache OFBiz's xmlrpc endpoint to achieve remote code execution (RCE). The PoC uses ysoserial to generate a malicious payload and delivers it via a crafted XMLRPC request.

This repository contains functional exploit code for CVE-2021-26295, a deserialization vulnerability in Apache OFBiz. The PoC leverages ysoserial to generate malicious payloads and uses DNS logging for verification, demonstrating remote code execution capabilities.

This repository contains a functional exploit for CVE-2020-9496, an unsafe deserialization vulnerability in Apache OFBiz. The exploit leverages the ysoserial tool to generate malicious payloads and sends them to the vulnerable XML-RPC endpoint, resulting in remote code execution.

The repository provides setup instructions for a vulnerable Apache OFBiz environment and references a Nuclei template for detecting CVE-2020-9496, which is a deserialization vulnerability. It does not include direct exploit code but leverages an external scanner.

This repository contains a functional exploit for CVE-2020-9496, targeting Apache OFBiz 17.12.01 via unsafe deserialization in XML-RPC requests. The exploit automates the delivery of a reverse shell payload using ysoserial and curl commands.

The repository contains only a README with a YouTube link and no actual exploit code or technical details about CVE-2020-9496. This is indicative of a social engineering lure rather than a legitimate PoC.

This repository contains a functional exploit for CVE-2020-9496, which leverages unsafe deserialization in Apache OFBiz 17.12.03 via XML-RPC requests. The exploit uses ysoserial to generate a malicious payload and sends it to the target endpoint to achieve remote code execution.

This repository provides a functional exploit for CVE-2020-9496, an unsafe deserialization vulnerability in Apache OFBiz. The exploit leverages ysoserial to generate a malicious payload, which is then sent via a crafted XMLRPC request to achieve remote code execution (RCE).

This exploit leverages unsafe deserialization in Apache OfBiz 17.12.01 via XMLRPC endpoints to achieve remote command execution. It uses ysoserial to generate malicious payloads and delivers them through crafted XMLRPC requests.