CVE-2023-32315

This repository contains a Go-based scanner and exploit for CVE-2023-32315, which bypasses authentication in Openfire to create admin users and upload malicious plugins for RCE. The PoC automates the retrieval of JSESSIONID/csrf tokens, user creation, and plugin upload.

This PoC exploits CVE-2023-32315, an authentication bypass vulnerability in Openfire, by creating an admin user via path traversal and then uploading a malicious plugin for RCE. The exploit automates the process of retrieving session tokens, adding a user, and preparing for plugin upload.

This PoC exploits CVE-2023-32315, an authentication bypass vulnerability in Openfire's Admin Console via path traversal using non-standard UTF-16 URL encoding. It adds unauthorized admin credentials by bypassing authentication checks.

This PoC exploits CVE-2023-32315, an authentication bypass vulnerability in Openfire's administrative console via path traversal. It creates an admin user without authentication, demonstrating the vulnerability's impact.

This Python script is a PoC for CVE-2023-32315, an authentication bypass vulnerability in Openfire. It checks the target's version, retrieves session tokens, and adds a random user to verify exploitation.

This is a functional exploit for CVE-2023-32315, an authentication bypass vulnerability in Openfire. It automates the creation of an admin user and logs in to the dashboard by leveraging a path traversal flaw in the setup process.

The repository contains only a README.md file with no exploit code or technical details. No actionable proof-of-concept is present.

This repository contains a functional Python exploit for CVE-2023-32315, an authentication bypass and RCE vulnerability in Openfire. The exploit follows a clear attack chain: Unicode-encoded path traversal to bypass authentication, creation of an admin user, and subsequent plugin upload for RCE.

This repository provides a proof-of-concept exploit for CVE-2023-32315, targeting Openfire. It includes steps to obtain session tokens, compile and upload a malicious plugin, and achieve remote command execution via a webshell.

This exploit leverages an authentication bypass vulnerability (CVE-2023-32315) in Openfire by using path traversal with double encoding to reactivate the setup process and create an admin user without authentication.

This PoC exploits CVE-2023-32315, a path traversal vulnerability in Openfire's administrative console, allowing unauthenticated users to create admin accounts via the setup environment. It automates the process of retrieving a CSRF token and sending a crafted request to add credentials.

This PoC demonstrates a path traversal vulnerability in an unspecified web application, allowing unauthorized access to sensitive files via a crafted HTTP GET request. The exploit leverages double URL-encoded directory traversal sequences to bypass security controls.

This Metasploit module exploits CVE-2023-32315, an authentication bypass in Openfire via path traversal, to create an admin user and upload a weaponized plugin for RCE.