Apache OFBiz is an open source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
CVE-2024-38856 is a pre-authentication flaw in Apache OFBiz that can lead to remote code execution.
Affected Versions: Versions before 18.12.15
Usage example: python3 scanner.py https://localhost:8443/ python3 exploit.py https://localhost:8443/
Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.
References: https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/ https://threatprotect.qualys.com/2024/08/06/apache-ofbiz-remote-code-execution-vulnerability-cve-2024-38856/