CVE-2024-32113

This exploit demonstrates a directory traversal vulnerability in Apache OFBiz via XML-RPC endpoints, allowing arbitrary file read or command execution depending on the method used.

The repository contains a functional exploit for CVE-2024-32113, demonstrating a path traversal vulnerability in Apache OFBiz leading to remote code execution (RCE). The exploit leverages a crafted HTTP POST request to execute arbitrary commands via Groovy script injection.

The repository provides functional exploit code for CVE-2024-32113, demonstrating RCE and authentication bypass in Apache OfBiz via crafted HTTP requests to the `/webtools/control/ProgramExport` endpoint. The PoC includes multiple curl commands to exploit the vulnerability, including RCE via Groovy script execution.

The repository contains a functional exploit for CVE-2024-32113, targeting Apache OFBiz. The exploit leverages a path traversal and Groovy script injection vulnerability to achieve remote code execution (RCE) by sending a crafted POST request to the `/webtools/control/forgotPassword;/ProgramExport` endpoint.

This repository contains a functional exploit for CVE-2024-32113, a path traversal vulnerability in Apache OFBiz leading to RCE. The exploit uses a crafted Groovy payload to execute arbitrary commands via the `/webtools/control/forgotPassword;/ProgramExport` endpoint.

This repository contains a functional Python exploit for CVE-2024-38856, targeting Apache OFBiz versions before 18.12.15. The exploit leverages incorrect authorization to achieve remote code execution via Groovy code injection through the `/webtools/control/forgotPassword/ProgramExport` endpoint.

This Metasploit module exploits CVE-2024-38856 in Apache OFBiz by leveraging an incorrect authorization vulnerability in the /webtools/control/forgotPassword/ProgramExport endpoint to achieve remote code execution via Groovy script injection.