
CVE-2023-32315 PoC — Openfire administration console authentication bypass

Associated Vulnerability
Title: Openfire administration console authentication bypass (CVE-2023-32315)
Description: Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn't available for a specific release, or isn't quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
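The version boundaries in the advisory text above (affected from 3.10.0, fixed in 4.6.8 and 4.7.5, with the 4.8 branch carrying the further improvements) translate directly into a check that an asset inventory or a scanner's banner parser can run before anything is exploited. The following is an added example written for this page; it is not code from the PoC repository or from the Openfire project. It assumes the input is a free-form banner string containing a dotted version number, and it treats 4.8.0 and later as patched, which the advisory implies rather than states outright.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Facts taken from the advisory text: every release since 3.10.0 is affected,
# the fix shipped in 4.6.8 (4.6 branch) and 4.7.5 (4.7 branch), and the 4.8
# branch carries the fix plus further hardening. Treating >= 4.8.0 as patched
# is an assumption drawn from that wording.
FIRST_AFFECTED: Version = (3, 10, 0)
FIXED_BY_BRANCH = {(4, 6): (4, 6, 8), (4, 7): (4, 7, 5)}
FIXED_FROM: Version = (4, 8, 0)


def parse_version(banner: str) -> Optional[Version]:
    """Extract 'major.minor[.patch]' from a banner such as 'Openfire 4.7.4'
    or '4.6.8-SNAPSHOT'. Returns None when no dotted version is present."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version: Version) -> bool:
    """Apply the advisory's ranges. Branches with no fix release of their own
    (for example 4.5.x) stay vulnerable, because the only remedy is upgrading
    to a branch that has one."""
    if version < FIRST_AFFECTED:
        return False          # predates the introduction of the bug
    if version >= FIXED_FROM:
        return False          # 4.8 branch and later
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is not None and version >= fixed:
        return False          # at or past the backported fix on 4.6 / 4.7
    return True


def assess(banner: str) -> str:
    """Human-readable verdict for one banner string."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "not vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, not observed from real hosts.
    for banner in ("Openfire 4.7.4", "Openfire 4.7.5", "4.6.7", "4.5.6", "3.9.3", "4.8.0"):
        print(f"{banner:16} -> {assess(banner)}")
```

The tuple comparison does the heavy lifting: a 4.7.4 host is below its branch fix and is reported vulnerable, while 4.5.6 has no branch fix at all and is reported vulnerable even though it is numerically "older" than 4.6.8.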
Description: Tool for CVE-2023-32315 exploitation
Readme
# CVE-2023-32315
Tool for CVE-2023-32315 exploitation (Openfire administration console authentication bypass).

## Features
- Scans a single target or bulk targets read from a txt file
- Uses multiprocessing for faster scanning
- Automatic login capability

## Installation
- Make sure you're in this repo's directory and have python3 installed
- Install the required packages:
  ```sh
  pip install -r requirements.txt
  ```
- Run the tool with the following command:
  ```sh
  python3 CVE-2023-32315.py
  ```

## Usage
- For bulk targets (`-p` sets how many processes scan in parallel):
  ```sh
  python3 CVE-2023-32315.py --web-list sites.txt -p 10
  ```
- For a single target:
  ```sh
  python3 CVE-2023-32315.py -u http://127.0.0.1:9090
  ```
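The commands above point the scanner at targets; the defensive counterpart is recognising the same traversal in the admin console's access logs, where the advisory's description (a setup-environment path escaping into restricted admin pages) becomes a concrete pattern: a request under `/setup/` whose decoded path resolves outside `/setup/`. The example below is added here and is not part of the PoC or of Openfire. The log lines are constructed in combined log format, and the choice to unfold double percent-encoding and the non-standard `%uXXXX` escape alongside plain percent-encoding is an assumption about what a scanner might send, not something this page states.

```python
import posixpath
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample traffic in combined log format (not captured from a real host).
SAMPLE_LOG = """\
10.0.0.5 - - [31/Aug/2023:15:39:09 +0000] "GET /login.jsp HTTP/1.1" 200 1532
10.0.0.7 - - [31/Aug/2023:15:39:12 +0000] "GET /setup/setup-s/%2e%2e/%2e%2e/user-create.jsp HTTP/1.1" 200 4210
10.0.0.7 - - [31/Aug/2023:15:39:13 +0000] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/server-properties.jsp HTTP/1.1" 200 9001
10.0.0.9 - - [31/Aug/2023:15:40:01 +0000] "GET /setup/index.jsp HTTP/1.1" 200 800
10.0.0.11 - - [31/Aug/2023:15:41:22 +0000] "GET /plugins/../admin-sidebar.jsp HTTP/1.1" 404 0
"""

# client, ident, user, [timestamp], "METHOD path PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def normalize_path(raw: str) -> str:
    """Strip the query string and decode the path until it stops changing,
    so single, double and %uXXXX-encoded dots all end up as literal '..'.
    Handling %uXXXX is an assumption about attacker encodings, not a fact from this page."""
    path = raw.split("?", 1)[0]
    path = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), path)
    previous = None
    while previous != path:          # repeat to unfold double encoding (%252e -> %2e -> .)
        previous, path = path, unquote(path)
    return path


def is_setup_traversal(raw_path: str) -> bool:
    """True when a request under /setup/ uses '..' and resolves outside /setup/.
    A traversal that stays inside the setup area is not the bypass pattern."""
    path = normalize_path(raw_path)
    if not path.startswith("/setup/"):
        return False
    if ".." not in path.split("/"):
        return False
    resolved = posixpath.normpath(path)
    return not resolved.startswith("/setup/")


def find_bypass_attempts(log_text: str) -> List[Dict[str, object]]:
    """Return one record per flagged request, with the page the traversal resolves to."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, timestamp, method, raw_path, status = m.groups()
        if is_setup_traversal(raw_path):
            hits.append({
                "ip": client,
                "time": timestamp,
                "method": method,
                "path": raw_path,
                "target": posixpath.normpath(normalize_path(raw_path)),
                "status": int(status),
            })
    return hits


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['method']} {hit['path']} -> {hit['target']} ({hit['status']})")
```

The resolved `target` field is what matters for triage: a flagged request answered with 200 for a page such as a user-creation or server-properties JSP should be treated as a successful bypass, not just a probe, and the source address is a candidate for the scanner's follow-up login traffic.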

## Screenshots
![Screenshot 2023-08-31 153909](https://github.com/gibran-abdillah/quiz-app/assets/70421698/7a9ea21d-b5ac-435b-abdf-4815eeb458f5)
![Screenshot 2023-08-31 154022](https://github.com/gibran-abdillah/quiz-app/assets/70421698/e98f9d02-b02a-4260-8395-f157c66529a2)


## References
- https://codewithvamp.medium.com/cve-2023-32315-administration-console-authentication-bypass-c1429f8c4576
- https://github.com/miko550/CVE-2023-32315
File Snapshot

[4.0K] /data/pocs/f14edc9fc05817ecec30d6ffc33f1986a70ae47a
├── [5.1K] CVE-2023-32315.py
├── [1.1K] README.md
└── [ 69] requirements.txt

0 directories, 3 files