CVE-2024-32113 PoC — Apache OFBiz: Path traversal leading to RCE

Source

https://github.com/YongYe-Security/CVE-2024-32113

Associated Vulnerability

Title:Apache OFBiz: Path traversal leading to RCE (CVE-2024-32113)
Description:Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Description

CVE-2024-32113 Apache OFBIZ Batch Scanning

Readme

**CVE-2024-32113 Apache OFBIZ Batch Scanning**



**注意：このツールを違法攻撃に使用することを支援するものではありません。このツールは技術的な交流のみを目的としています。**

**Note: This tool does not support any illegal attacks. It is intended solely for technical exchange.**

**注意：本人不支持任何人使用本工具进行非法攻击，本工具仅作为技术交流。**



**Help**

```
CVE-2024-32113 Batch Scanning

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Target File
  -c CMD, --cmd CMD     command
```



**Batch Scanning**

-c パラメータはオプションで、デフォルトは `id` です。スキャン結果は `Out.txt` に保存されます（脆弱性のあるターゲット）。

The -c parameter is optional, defaulting to `id`. Scan results are saved in `Out.txt` (targets with vulnerabilities).

-c 参数是可选的，默认为 `id`。扫描结果保存在 `Out.txt`（存在漏洞的目标）。

```
python3 CVE-2024-32113.py -f TargetFile.txt
```

![Snipaste1](https://github.com/YongYe-Security/CVE-2024-32113/blob/main/Snipaste1.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!