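Related vulnerability
Title:
Ignite Realtime Openfire path traversal vulnerability
(CVE-2023-32315)
Description: Ignite Realtime Openfire is a cross-platform, open-source real-time collaboration (RTC) server from the Ignite Realtime community, written in Java and based on XMPP (formerly Jabber, an instant messaging protocol). It can be used to build high-performance instant messaging servers and supports tens of thousands of concurrent users. Ignite Realtime Openfire has a security vulnerability that allows an unauthenticated user to use the unauthenticated Openfire setup environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console that are reserved for administrative users. The following products and ver
Description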
A PoC exploit for CVE-2023-32315 - Openfire Authentication Bypass
Introduction
# CVE-2023-32315 - Openfire Authentication Bypass
This repository highlights a high-severity security issue affecting multiple versions of Openfire. Openfire is a cross-platform real-time collaboration server that uses the XMPP protocol and is developed by the Ignite Realtime community. The vulnerability is in its administrative console (Admin Console).
The vulnerability lies within the web-based Admin Console, permitting a path traversal attack through the setup environment. This flaw allows unauthenticated users to access restricted pages intended only for administrative users within an already configured Openfire environment.
Openfire already had path traversal protections, but they did not cover a certain non-standard URL encoding for UTF-16 characters, which the embedded webserver in use at the time did not support. A later upgrade of the embedded webserver introduced support for this non-standard encoding, and the existing path traversal protections were not extended to handle it.
In addition, Openfire's API allowed certain URLs, such as the login page, to be excluded from web authentication using wildcard patterns. The combination of wildcard pattern matching and the path traversal vulnerability enabled malicious users to bypass authentication requirements for Admin Console pages.
This vulnerability impacts all Openfire versions released after April 2015, commencing from version 3.10.0. The issue has been patched in releases 4.7.5 and 4.6.8. Further enhancements are slated for the forthcoming version on the 4.8 branch (expected as version 4.8.0).
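The gap described above (a traversal filter that is blind to the non-standard `%uXXXX` encoding, combined with wildcard authentication exclusions) can be hunted for in web access logs. The following is an added example, not code from this repository or from Openfire; the exclusion patterns, the `legacy_guard` filter, the request paths and the log lines are all constructed assumptions.

```python
import fnmatch
import posixpath
import re
from urllib.parse import unquote

# Assumption: hypothetical auth-exclusion wildcards, not Openfire's real list.
AUTH_EXCLUDES = ["/open/login.jsp", "/open/page-*"]
U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def legacy_guard(raw):
    """Hypothetical stand-in for a traversal filter that only knows '..' and %2e."""
    lowered = raw.lower()
    return ".." in lowered or "%2e" in lowered

def decode_path(raw):
    """Strip the query, then decode %uXXXX (non-standard) and %XX escapes once."""
    path = raw.split("?", 1)[0]
    path = U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)

def excluded(path):
    """True if the path matches any authentication-exclusion wildcard."""
    return any(fnmatch.fnmatchcase(path, pat) for pat in AUTH_EXCLUDES)

def classify(raw):
    """'bypass' if the raw path matches an exclusion but the canonical one does not."""
    canonical = posixpath.normpath(decode_path(raw))
    if excluded(canonical):
        return "excluded"
    return "bypass" if excluded(raw.split("?", 1)[0]) else "protected"

def scan(log_lines):
    """Return (path, caught_by_legacy_guard) for every request classified as bypass."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and classify(m.group(1)) == "bypass":
            hits.append((m.group(1), legacy_guard(m.group(1))))
    return hits

# Constructed sample access-log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2023:09:09:47 +0000] "GET /open/login.jsp HTTP/1.1" 200 512',
    '192.0.2.10 - - [15/Dec/2023:09:10:02 +0000] "GET /admin/users.jsp HTTP/1.1" 302 0',
    '192.0.2.77 - - [15/Dec/2023:09:12:41 +0000] "GET /open/page-x/../../admin/users.jsp HTTP/1.1" 400 0',
    '192.0.2.77 - - [15/Dec/2023:09:12:55 +0000] "GET /open/page-x/%u002e%u002e/%u002e%u002e/admin/users.jsp HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for path, caught in scan(SAMPLE_LOG):
        print(f"{'caught' if caught else 'MISSED'} by legacy guard: {path}")
```

Canonicalizing before matching the exclusion list is what closes the gap: the last sample line passes the literal-dot filter yet resolves to a path outside every exclusion pattern.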
# The PoC Exploit




# Disclaimer
You are responsible for your own actions; abusing this PoC exploit can get you into trouble.
File snapshot
[4.0K] /data/pocs/a702dd7d0b367aa92ec9f3776ce17df03f5e6e4d
├── [5.2K] CVE-2023-32315.py
├── [1.8K] README.md
├── [ 50K] Screenshot_2023-12-15_09-09-47.png
├── [ 33K] Screenshot_2023-12-15_09-12-41.png
├── [147K] Screenshot_2023-12-15_09-15-05.png
├── [4.8K] Screenshot_2023-12-15_09-16-41.png
└── [ 51K] Screenshot_2023-12-15_09-46-59.png
0 directories, 7 files