POC details: 736e9b2a41a13b9d556fc5ca1526ad162bc7858a

Source
Related vulnerability
Title: Ignite Realtime Openfire path traversal vulnerability (CVE-2023-32315)
Description: Ignite Realtime Openfire is a cross-platform, open-source real-time collaboration (RTC) server from the Ignite Realtime community, written in Java and based on XMPP (formerly Jabber, an instant messaging protocol). It can be used to build highly efficient instant messaging servers and supports tens of thousands of concurrent users. Ignite Realtime Openfire has a security vulnerability: it allows unauthenticated users to use the unauthenticated Openfire setup environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console that are reserved for administrative users. The following products and versions
Description
Perform With Massive Openfire Unauthenticated Users
Introduction
## CVE-2023-32315
- Openfire's administrative console (the Admin Console), a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users, which can lead to RCE.
## Screenshot
![Screenshot_6](https://github.com/Pari-Malam/CVE-2023-32315/assets/25004320/0c1e4fbd-eade-4d6f-a3ba-13f12ed426eb)
![Screenshot_7](https://github.com/Pari-Malam/CVE-2023-32315/assets/25004320/7b9be32b-3f1b-4d19-a121-f5753db21db2)
## Requirements
- Python3.7+
## Supported OS
- Linux
- Windows
## Getting started
```shell
$ git clone https://github.com/Pari-Malam/CVE-2023-32315
$ cd CVE-2023-32315
$ pip/pip3 install -r requirements.txt
$ python/python3 CVE-2023-32315.py
```
## Notes
- By using this tool, you agree that you are using it for educational purposes only and that you will not use it for any illegal activity. You also agree to bear all risks associated with the use of this tool. I will not be responsible for direct or indirect damage caused by the use of this tool. Don't sue me!
## Author
- Pari Malam
## Contacts
[![Telegram](https://img.shields.io/badge/-Telegram-blue)](https://telegram.me/SurpriseMTFK)
[![Discord](https://img.shields.io/badge/-Discord-purple)](https://discordapp.com/users/829404192585678858)
File snapshot

[4.0K] /data/pocs/736e9b2a41a13b9d556fc5ca1526ad162bc7858a
├── [9.2K] CVE-2023–32315.py
├── [1.5K] README.md
└── [  24] requirements.txt
0 directories, 3 files
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the POC through the source first.
    2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.