CVE-2023-51467
CRITICAL EXPLOITED NUCLEI
Apache OFBiz XML-RPC Java Deserialization
Title source: metasploit
Exploitation Summary
CVE-2023-51467 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 14 public exploits from researchers including jakabakos, ImuSpirit, K3ysTr0K3R. A Nuclei detection template is also available.
Description
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
Exploits (14)
This repository contains a functional exploit for CVE-2023-51467, an authentication bypass vulnerability in Apache OFBiz. The exploit leverages a deserialization attack via ysoserial to achieve remote code execution (RCE) on vulnerable systems.
This repository contains a functional exploit for CVE-2023-51467, targeting Apache OFBiz with a deserialization attack using CommonsBeanutils1 and TomcatCmdEcho. It includes a GUI-based tool for command execution and reverse shell capabilities, leveraging Groovy scripts and modified ysoserial payloads.
The repository contains a scanner for CVE-2023-51467, an Apache OFBiz authentication bypass vulnerability. It checks for the presence of the 'PONG' response when sending a crafted request to a specific endpoint, indicating vulnerability.
The repository contains a Python-based scanner for CVE-2023-51467, an authentication bypass vulnerability in Apache OFBiz. It checks for the presence of the vulnerability by sending a crafted HTTP request to the target URL and verifying the response.
This repository contains a functional Go-based exploit for CVE-2023-51467, targeting Apache OFBiz. The exploit includes target verification, version scanning, and an in-memory Nashorn reverse shell payload, demonstrating remote code execution (RCE) capabilities.
This repository contains a functional exploit for CVE-2023-51467, an Apache OFBiz XML-RPC Java deserialization vulnerability. It includes a YAML-based scanner for detection and a Python/Go exploit for RCE via crafted serialized payloads.
The repository contains a functional Python script that exploits CVE-2023-51467, an authentication bypass vulnerability in Apache OFBiz. The script sends a crafted POST request to execute arbitrary commands via the 'groovyProgram' parameter, leveraging the auth bypass trick with USERNAME&PASSWORD&requirePasswordChange=Y.
This repository contains a functional Python script that exploits CVE-2023-51467, a deserialization vulnerability in Apache OFBiz. It generates a reverse shell payload using ysoserial and sends it via a crafted XML-RPC request to achieve remote code execution.
This repository contains a Python script that scans for CVE-2023-51467, an authentication bypass vulnerability in Apache OFBiz. The script checks for the presence of a specific endpoint and response to determine vulnerability, but does not include exploit code for actual exploitation.
This repository contains a functional exploit for CVE-2023-51467, an authentication bypass and RCE vulnerability in Apache OFBiz. The exploit leverages XML-RPC deserialization to execute arbitrary commands, requiring ysoserial-all.jar for payload generation.
This repository contains a functional Python script that exploits CVE-2023-51467, a deserialization vulnerability in Apache OFBiz. The script generates a reverse shell payload using ysoserial and sends it via a crafted XML-RPC request to achieve remote code execution.
The repository contains a functional exploit for CVE-2023-51467, leveraging XML-RPC deserialization to achieve remote code execution (RCE) via a crafted payload generated using ysoserial. It also includes a scanner to detect vulnerable instances.
This repository contains a functional exploit for CVE-2023-49070 and CVE-2023-51467, targeting Apache OFBiz versions before 18.12.10. The exploit leverages an authentication bypass and deserialization vulnerability to achieve remote code execution (RCE) or establish a reverse shell.
Nuclei Templates (1)
html:"OFBiz" || http.html:"ofbiz" || ofbiz.visitor=
app="Apache_OFBiz" || body="ofbiz" || app="apache_ofbiz"
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H