Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-0669 PoC — Fortra GoAnywhere MFT License Response Servlet Command Injection

Source
https://github.com/yosef0x01/CVE-2023-0669-Analysis
Associated Vulnerability
Title:Fortra GoAnywhere MFT License Response Servlet Command Injection (CVE-2023-0669)
Description:Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Description
CVE analysis for CVE-2023-0669
Readme
# CVE-2023-0669

This Repo contain the pcakages and scripts used in this Analysis  https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-goanywhere


## The vulnerable version of `GoAnywhere` for Linux
https://www.dropbox.com/s/j31l8lgvapbopy3/ga7_0_3_linux_x64.sh?dl=0
File Snapshot

 [4.0K]  /data/pocs/7c1f141080daf96d91142e7b65cb79479d5a4105
├── [4.0K]  libraries
│   ├── [ 12M]  ga_classes.jar
│   ├── [ 68K]  licenseapi-2.0.jar
│   └── [  34]  readme.md
└── [ 277]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →