CVE-2023-0669

This repository contains a functional exploit for CVE-2023-0669, a pre-authentication command injection vulnerability in GoAnywhere MFT. The exploit leverages deserialization of an attacker-controlled object via the License Response Servlet to achieve remote code execution.

This is a Python-based exploit for CVE-2023-0669, a pre-authentication deserialization vulnerability in GoAnywhere MFT. It crafts a malicious serialized object, encrypts it, and sends it to the target to achieve remote code execution.

This repository provides analysis and references for CVE-2023-0669, an unauthenticated RCE vulnerability in GoAnywhere. It includes a link to a vulnerable version of the software but does not contain exploit code.

This repository contains only a README file describing CVE-2023-0669, a command injection vulnerability in GoAnywhere MFT. No exploit code or technical details are provided.

This repository provides a Docker-based simulation of CVE-2023-0669, a deserialization vulnerability in Fortra GoAnywhere MFT. It includes an attacker container generating a malicious payload using ysoserial, a vulnerable server container, and a listener container to confirm exploitation via a curl-based callback.

This Java-based helper tool encrypts a serialized payload generated by ysoserial to exploit CVE-2023-0669, a deserialization vulnerability in GoAnywhere Encryption Helper. It supports two encryption versions and outputs a Base64-encoded payload for RCE.

This Metasploit module exploits CVE-2023-0669, an unsafe deserialization vulnerability in Fortra GoAnywhere MFT. It generates a malicious serialized Java object, encrypts it, and sends it to the target endpoint to achieve remote code execution.