CVE-2023-25581 PoC — Deserialization of untrusted data in InternalAttributeHandler in pac4j

Associated Vulnerability
Title: Deserialization of untrusted data in InternalAttributeHandler in pac4j (CVE-2023-25581)
Description: pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place that puts some restrictions on which classes can be deserialized, it still allows a broad range of Java packages and is potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.
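A defensive check for the attribute format described above, as an added example (not code from pac4j or from the PoC repository): it flags externally supplied profile attribute values that carry the `{#sb64}` prefix and Base64-decode to a Java serialization stream. The function names, verdict labels and sample profile are constructed for illustration, and exact start-of-value prefix matching is an assumption.

```python
import base64
import binascii

SB64_PREFIX = "{#sb64}"                   # prefix named in the advisory text
JAVA_STREAM_HEADER = b"\xac\xed\x00\x05"  # Java STREAM_MAGIC + STREAM_VERSION

def classify_attribute(value):
    """Return 'clean', 'sb64-malformed', 'sb64-other' or 'sb64-java-serialized'."""
    # Assumption: the prefix is matched exactly at the start of the value.
    if not isinstance(value, str) or not value.startswith(SB64_PREFIX):
        return "clean"
    try:
        raw = base64.b64decode(value[len(SB64_PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        return "sb64-malformed"           # prefixed, but not valid Base64
    if raw.startswith(JAVA_STREAM_HEADER):
        return "sb64-java-serialized"     # the form the advisory describes
    return "sb64-other"                   # prefixed Base64, not a Java stream

def scan_profile(attributes):
    """Walk nested attributes; return [(path, verdict)] for every prefixed value."""
    findings = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, val in node.items():
                walk(val, f"{path}.{key}" if path else str(key))
        elif isinstance(node, (list, tuple)):
            for i, val in enumerate(node):
                walk(val, f"{path}[{i}]")
        else:
            verdict = classify_attribute(node)
            if verdict != "clean":
                findings.append((path, verdict))
    walk(attributes, "")
    return findings

# Constructed sample: a harmless serialized java.lang.String "hi", not a gadget chain.
BENIGN_STREAM = base64.b64encode(JAVA_STREAM_HEADER + b"t\x00\x02hi").decode()
SAMPLE_PROFILE = {
    "display_name": "alice",
    "email": SB64_PREFIX + BENIGN_STREAM,
    "roles": ["user", SB64_PREFIX + "%%%"],
    "extra": {"note": SB64_PREFIX + "aGVsbG8="},
}

if __name__ == "__main__":
    for path, verdict in scan_profile(SAMPLE_PROFILE):
        print(f"{path}: {verdict}")
```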
Readme
This Python script demonstrates the exploitation of the CVE-2023-25581 vulnerability in pac4j-core. The vulnerability allows an attacker to execute arbitrary code (RCE) by deserializing maliciously crafted Base64-encoded data.
Prerequisites

Before running the script, make sure you have the following installed:

    Python 3.x

    requests library: Install it by running the command:

        pip install requests

Usage

    Clone the Repository:

    Clone this repository to your local machine:

        git clone https://github.com/p33d/CVE-2023-25581
        cd CVE-2023-25581

    Run the Exploit Script:

    To run the script, use the following command in your terminal:

        python3 Poc-CVE-2023-25581.py

    Input the Target URL:

    After running the script, you will be prompted to enter the target URL of the vulnerable application. For example:

        Enter the target URL (e.g., http://vulnerable-app.com/api/profile): http://vulnerable-app.com/api/profile

    Payload Execution:

    If the target is vulnerable, the script will send a payload and attempt to exploit the system. If successful, you may achieve remote code execution (RCE). The script will print the following message if the exploit is successful:

        Payload sent successfully! Check your terminal for RCE.

    If the exploit fails or the target is not vulnerable, an error message will be displayed.
File Snapshot

[4.0K] /data/pocs/497a8df1e0b1fcf80c42c0433d6204e44e5aa2c8
├── [1.0K] Poc-CVE-2023-25581.py
└── [1.4K] README.md

0 directories, 2 files