CVE-2021-26295 PoC — RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

Source
Associated Vulnerability
Title: RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI (CVE-2021-26295)
Description: Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Description
PoC and exp for batch-verifying the CVE-2020-9496 and CVE-2021-26295 vulnerabilities using dnslog
Readme
# ofbiz-poc
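PoC and exp for batch-verifying the CVE-2020-9496 and CVE_2020_9496 vulnerabilities using dnslog

## OFBiz_CVE_2020_9496.py and OFBiz_CVE_2021_26295.py each verify a single vulnerability

## ofbiz_poc.py batch-verifies both vulnerabilities; save the sites to be batch-verified in urls.txt

### For a reproduction of the vulnerabilities, see: [https://yuaneuro.cn/archives/ofbiz.html](https://yuaneuro.cn/archives/ofbiz.html)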
File Snapshot

[4.0K] /data/pocs/7160d26b50d0ef41c612ca8c8e9c03bb430ae759
├── [3.4K] OFBiz_CVE_2020_9496.py
├── [3.6K] OFBiz_CVE_2021_26295.py
├── [ 232] ofbiz_poc.py
├── [ 365] README.md
├── [ 15] urls.txt
└── [ 57M] ysoserial.jar

0 directories, 6 files