Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints).
This script is designed to scan for the CVE-2024-38856 vulnerability in Apache OFBiz applications, which may allow for remote code execution. It sends HTTP POST requests to specific paths within the OFBiz application with malicious payloads to exploit the vulnerability.
Features
- Scans targets for vulnerability using various paths
- Supports multithreading for faster processing
- Uses coloredlogs for color-coded, easy-to-read logs
- Supports input from a file containing a list of targets
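
The precondition named in the advisory (screen definitions that do not explicitly check the user's permissions and rely on endpoint configuration instead) can be audited in your own deployment's screen definition files. The following Python code is an added example, not part of the scanner or of OFBiz; the permission-condition element names and the sample XML are assumptions constructed for illustration, and a flagged screen is a candidate for review, since the check does not follow decorators or included screens.

```python
import xml.etree.ElementTree as ET

# Permission-condition elements of the OFBiz screen widget XML (assumed set).
PERMISSION_TAGS = {"if-has-permission", "if-service-permission", "if-entity-permission"}

# Constructed sample, not taken from OFBiz: one guarded and one unguarded screen.
SAMPLE_SCREENS = """
<screens xmlns="http://ofbiz.apache.org/Widget-Screen">
  <screen name="GuardedReport">
    <section>
      <condition>
        <if-has-permission permission="EXAMPLE" action="_VIEW"/>
      </condition>
      <widgets><label text="report"/></widgets>
    </section>
  </screen>
  <screen name="UnguardedReport">
    <section>
      <widgets><label text="report"/></widgets>
    </section>
  </screen>
</screens>
"""

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def screens_without_permission_check(xml_text):
    """Return names of <screen> elements that contain no permission condition."""
    root = ET.fromstring(xml_text)
    flagged = []
    for screen in root.iter():
        if local_name(screen.tag) != "screen":
            continue
        # Heuristic: any permission element in the screen's subtree counts as a check.
        has_check = any(local_name(el.tag) in PERMISSION_TAGS for el in screen.iter())
        if not has_check:
            flagged.append(screen.get("name", "<unnamed>"))
    return flagged

if __name__ == "__main__":
    for name in screens_without_permission_check(SAMPLE_SCREENS):
        print(f"review: screen '{name}' has no explicit permission check")
```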