Openfire authentication bypass with RCE plugin
Title source: metasploit
Exploitation Summary
CVE-2023-32315 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 24, 2023, with confirmed use in ransomware campaigns.
EIP tracks 15 public exploits, among them a Metasploit module (exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315), from researchers including tangxiaofeng7, miko550 and K3ysTr0K3R.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a Go-based scanner and exploit for CVE-2023-32315, which bypasses authentication in Openfire to create admin users and upload malicious plugins for RCE. The PoC automates the retrieval of JSESSIONID/csrf tokens, user creation, and plugin upload.
Description
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
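A log-triage sketch for the traversal described above, added here and not taken from Openfire or any repository listed on this page: it flags requests to the setup environment whose path contains a traversal once %uXXXX escapes and repeated percent-encoding are unwrapped. The /setup/ prefix, the common log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the setup environment is served under this path prefix.
SETUP_PREFIX = "/setup/"
U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")   # non-standard UTF-16 escape
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(path, max_rounds=3):
    """Unwrap %uXXXX and %XX escapes, repeating to undo double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path))
        if decoded == path:
            break
        path = decoded
    return path

def is_setup_traversal(raw_target):
    """True when a setup-environment request walks out of its directory."""
    decoded = normalize(raw_target.split("?", 1)[0]).replace("\\", "/")
    if not decoded.lower().startswith(SETUP_PREFIX):
        return False
    return ".." in decoded.split("/")

def scan(lines):
    """Return the raw request targets that should be reviewed."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match and is_setup_traversal(match.group(1)):
            hits.append(match.group(1))
    return hits

# Constructed sample lines (common log format); hosts and pages are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2023:10:00:00 +0000] "GET /setup/index.jsp HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jun/2023:10:02:11 +0000] "GET /setup/placeholder/%u002e%u002e/%u002e%u002e/example.jsp HTTP/1.1" 200 1024',
    '192.0.2.44 - - [01/Jun/2023:10:02:15 +0000] "GET /setup/placeholder/%252e%252e/example.jsp HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jun/2023:10:05:00 +0000] "GET /login.jsp?url=%2Findex.jsp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("review:", target)
```

A hit is a lead rather than proof of compromise; follow it up by reviewing admin accounts and installed plugins, the two artefacts the exploit summaries on this page describe.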
Exploits (15)
This repository contains a Go-based scanner and exploit for CVE-2023-32315, which bypasses authentication in Openfire to create admin users and upload malicious plugins for RCE. The PoC automates the retrieval of JSESSIONID/csrf tokens, user creation, and plugin upload.
This PoC exploits CVE-2023-32315, an authentication bypass vulnerability in Openfire, by creating an admin user via path traversal and then uploading a malicious plugin for RCE. The exploit automates the process of retrieving session tokens, adding a user, and preparing for plugin upload.
This PoC exploits CVE-2023-32315, an authentication bypass vulnerability in Openfire's Admin Console via path traversal using non-standard UTF-16 URL encoding. It adds unauthorized admin credentials by bypassing authentication checks.
This repository contains a functional exploit for CVE-2023-32315, an authentication bypass vulnerability in Openfire's administrative console. The exploit leverages path traversal via the setup environment to create an admin user without authentication.
This PoC exploits CVE-2023-32315, an authentication bypass vulnerability in Openfire's administrative console via path traversal. It creates an admin user without authentication, demonstrating the vulnerability's impact.
This Python script is a PoC for CVE-2023-32315, an authentication bypass vulnerability in Openfire. It checks the target's version, retrieves session tokens, and adds a random user to verify exploitation.
This is a functional exploit for CVE-2023-32315, an authentication bypass vulnerability in Openfire. It automates the creation of an admin user and logs in to the dashboard by leveraging a path traversal flaw in the setup process.
The repository contains only a README.md file with no exploit code or technical details. No actionable proof-of-concept is present.
This repository contains a functional Python exploit for CVE-2023-32315, an authentication bypass and RCE vulnerability in Openfire. The exploit follows a clear attack chain: Unicode-encoded path traversal to bypass authentication, creation of an admin user, and subsequent plugin upload for RCE.
This repository provides a proof-of-concept exploit for CVE-2023-32315, targeting Openfire. It includes steps to obtain session tokens, compile and upload a malicious plugin, and achieve remote command execution via a webshell.
This exploit leverages an authentication bypass vulnerability (CVE-2023-32315) in Openfire by using path traversal with double encoding to reactivate the setup process and create an admin user without authentication.
This PoC exploits CVE-2023-32315, a path traversal vulnerability in Openfire's administrative console, allowing unauthenticated users to create admin accounts via the setup environment. It automates the process of retrieving a CSRF token and sending a crafted request to add credentials.
This PoC demonstrates a path traversal vulnerability in an unspecified web application, allowing unauthorized access to sensitive files via a crafted HTTP GET request. The exploit leverages double URL-encoded directory traversal sequences to bypass security controls.
This Metasploit module exploits CVE-2023-32315, an authentication bypass in Openfire via path traversal, to create an admin user and upload a weaponized plugin for RCE.
Nuclei Templates (1)
title:"openfire" || http.title:"openfire" || http.title:"openfire admin console"
title="openfire" || title="openfire admin console"
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L