Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467
Apache OFBiz is an open source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
CVE-2023-49070 is a pre-authentication Remote Code Execution (RCE) vulnerability which has been identified in Apache OFBiz 18.12.09. The issue stems from the presence of XML-RPC, which is no longer maintained but remains in the system.
CVE-2023-51467 permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
Affected versions: 18.12.10 and below
This exploit scans whether the provided target is vulnerable and also exploits it depending on the choice of the user.
Usage: python3 exploit.py https://localhost:8443/
Reference: https://www.prio-n.com/blog/cve-2023-49070-51467-attacking-defending-Apache-OFBiz
Note: You should have the ysoserial-all.jar file in the same directory as the exploit. You can either download it from this repo or from https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar.
If the serialization does not happen or if the exploit is not successful due to some reason, follow the steps below to downgrade your java version and try again.
update-java-alternatives --list
sudo update-java-alternatives --set /usr/lib/jvm/java-1.11.0-openjdk-amd64
sudo update-java-alternatives --set <Any_lower_compatible_version>
Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited.