
CVE-2023-32315 PoC — Openfire administration console authentication bypass

Source
Associated Vulnerability
Title: Openfire administration console authentication bypass (CVE-2023-32315)
Description: Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn't available for a specific release, or isn't quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
Description
Perform With Massive Openfire Unauthenticated Users
Readme
## CVE-2023-32315
- Openfire's administrative console (the Admin Console), a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users, which can lead to remote code execution (RCE).
## Screenshot
![Screenshot_6](https://github.com/Pari-Malam/CVE-2023-32315/assets/25004320/0c1e4fbd-eade-4d6f-a3ba-13f12ed426eb)
![Screenshot_7](https://github.com/Pari-Malam/CVE-2023-32315/assets/25004320/7b9be32b-3f1b-4d19-a121-f5753db21db2)
## Requirements
- Python3.7+
## Supported OS
- Linux
- Windows
## Get start with
```shell
$ git clone https://github.com/Pari-Malam/CVE-2023-32315
$ cd CVE-2023-32315
$ pip/pip3 install -r requirements.txt
$ python/python3 CVE-2023-32315.py
```
## Footprints Notes
- By using this tool, you agree that you are using it for educational purposes only and that you will not use it for any illegal activity. You also agree to bear all risks associated with the use of this tool. I will not be responsible for direct or indirect damage caused by the use of this tool. Don't sue me!
## Author
- Pari Malam
## Contacts
[![Telegram](https://img.shields.io/badge/-Telegram-blue)](https://telegram.me/SurpriseMTFK)
[![Discord](https://img.shields.io/badge/-Discord-purple)](https://discordapp.com/users/829404192585678858)
File Snapshot

```
[4.0K] /data/pocs/736e9b2a41a13b9d556fc5ca1526ad162bc7858a
├── [9.2K] CVE-2023–32315.py
├── [1.5K] README.md
└── [  24] requirements.txt

0 directories, 3 files
```