CVE-2021-26295

This repository contains functional exploit code for CVE-2021-26295, a deserialization vulnerability in Apache OFBiz. The PoC uses ysoserial to generate payloads and includes both a detection script (poc.py) and an exploitation script (exp.py) for command execution.

This repository contains functional exploit code for CVE-2021-26295, a deserialization vulnerability in Apache OFBiz. The PoC leverages ysoserial to generate malicious payloads and uses DNS logging for verification, demonstrating remote code execution capabilities.

This PoC exploits CVE-2021-26295, a deserialization vulnerability in Apache OFBiz, by sending a crafted SOAP request containing a serialized payload generated via ysoserial.jar. The payload triggers a DNS lookup to a specified dnslog, confirming successful exploitation.

The repository claims to provide a PoC for CVE-2021-26295 but lacks actual exploit code, instead directing users to external resources or vague instructions. The README is minimal and does not include technical details about the vulnerability.

This repository contains a functional exploit for CVE-2021-26295, an Apache OFBiz deserialization vulnerability. The exploit uses ysoserial to generate a malicious payload and sends it via a SOAP request to achieve remote code execution.

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated SOAP endpoint for versions prior to 17.12.06. It leverages the ROME library to execute arbitrary commands via a crafted serialized object.