CVE-2024-36104 PoC — Apache OFBiz: Path traversal leading to a RCE

Source

https://github.com/ggfzx/CVE-2024-36104

Associated Vulnerability

Title:Apache OFBiz: Path traversal leading to a RCE (CVE-2024-36104)
Description:Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Readme

# CVE-2024-36104
### 声明

**本工具仅用于个人安全研究学习。由于传播、利用本工具而造成的任何直接或者间接的后果及损失，均由使用者本人负责，工具作者不为此承担任何责任。**

------

version <= 18.12.14

------

NAME:
   Apache OFBiz - 代码执行

USAGE:
    [global options] command [command options] [arguments...]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --target_url url, -u url          读取单个目标的url
   
   --target_file File, -f File       从File读取批量读取URL
   
   --target_command value, -c value  执行命令
   
   --output File, -o File            扫描结果输出到File (default: "success.txt")
   
   --proxy url, -p url               代理的url地址
   
   --thread 数量, -t 数量                批量扫描时的线程数量 (default: 20)
   
   --help, -h                        show help
   
------

### 截图
![image](https://github.com/ggfzx/CVE-2024-36104/assets/86279656/d4f142d2-3a80-4e78-ae39-7c6390a1b158)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →