CVE-2024-38856

This repository contains a functional exploit and scanner for CVE-2024-38856, an RCE vulnerability in Apache OFBiz. The Python script includes both scanning and exploitation capabilities, with options for command execution and proxy support.

This repository contains a functional exploit for CVE-2024-38856, an unauthenticated RCE vulnerability in Apache OFBiz. The exploit leverages a Groovy script injection via the `/webtools/control/main/ProgramExport` endpoint to execute arbitrary commands.

This repository contains a functional exploit for CVE-2024-38856, targeting Apache OFBiz. The exploit leverages a Groovy script injection vulnerability in the `/webtools/control/main/ProgramExport` endpoint to achieve remote code execution (RCE).

The repository contains only a placeholder README with images and a trivial 'Hello, world!' Go program, with no functional exploit code or technical details about CVE-2024-38856.

This repository contains a functional exploit for CVE-2024-38856, targeting Apache OFBiz with a Groovy-based RCE payload. The script encodes commands in base64, constructs a Unicode-escaped payload, and attempts execution via multiple endpoints.

This repository contains a functional exploit for CVE-2024-38856, targeting Apache OFBiz versions up to 18.12.14. The exploit leverages a Groovy script injection vulnerability to achieve remote code execution (RCE) by encoding commands in base64 and Unicode, then sending them to the vulnerable endpoint.

The repository contains a functional exploit and scanner for CVE-2024-38856, a pre-authentication remote code execution vulnerability in Apache OFBiz. The exploit leverages a Groovy script injection via the `ProgramExport` endpoint to execute arbitrary commands, while the scanner checks for vulnerability by attempting to execute a test command.

The repository contains a Nuclei template for detecting CVE-2024-38856, a vulnerability in Apache OfBiz before 18.12.15. The template sends a crafted GET request to trigger a command injection and checks for the presence of 'uid=0' in the response to confirm exploitation.

This repository contains a functional exploit for CVE-2024-38856, an unauthenticated RCE vulnerability in Apache OFBiz. The exploit leverages a Groovy script injection via the `/webtools/control/main/ProgramExport` endpoint to execute arbitrary commands or spawn a reverse shell.

The repository contains functional exploit code for multiple vulnerabilities, including arbitrary file upload and authentication bypass in various OA systems (e.g., Weaver E-Cology, H3C CVM). The PoCs demonstrate exploitation techniques such as JSP file uploads and session key retrieval.

The repository contains functional exploit code for CVE-2024-38856, demonstrating RCE in Apache OfBiz via the `/webtools/control/ProgramExport` endpoint by injecting Groovy code. The PoC includes multiple curl commands to trigger RCE and bypass authentication.

This repository contains a functional Python exploit for CVE-2024-38856, targeting Apache OFBiz versions before 18.12.15. The exploit leverages incorrect authorization to achieve remote code execution via Groovy code injection through the `/webtools/control/forgotPassword/ProgramExport` endpoint.