Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25157 PoC — Unfiltered SQL Injection Vulnerabilities in Geoserver

Source
https://github.com/0x2458bughunt/CVE-2023-25157
Associated Vulnerability
Title:Unfiltered SQL Injection Vulnerabilities in Geoserver (CVE-2023-25157)
Description:GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
Readme
# CVE-2023-25157
This is a simple Python Script to Find the Latest GeoServer SQL Injection Vulnerability. You can use the Scripts on hosts to check for infected path.

# Installation:
1. git clone https://github.com/0x2458bughunt/CVE-2023-25157/
2. cd CVE-2023-25157
3. chmod +x geoserver.sh

Note: You should have all the files on same directory, in case you want to use the files from anywhere throughout your system, follow these steps:
1. Open geoserver.sh and change GeoServerPath-Finder.py with it's full path. (Eg- /root/CVE-2023-25157/GeoServerPath-Finder.py)
2. Do the same with GeoServer_Keyword-Checker.py.
3. copy geoserver.sh to /usr/bin.
Now you can access it from anywhere around your system! :D


#Usage:
./geoserver.sh /path/to/hosts/file/

If it finds the directory It'll Respong with "Directory Found" follwing with full URL.
![image](https://github.com/0x2458bughunt/CVE-2023-25157/assets/134130770/eeeeadcb-a102-4f3a-bea2-e451330f6ebb)

Else It'll give output as "Directory Not Found"
![image](https://github.com/0x2458bughunt/CVE-2023-25157/assets/134130770/fdc0bc52-f432-45d0-b6a8-3e9a51283269)

Then It'll check for the specific keyword to verify if the URL really has GeoServer directory open or not. This process has been added to avoid false positives.
If found It'll give output in final_output.txt as "Keyword Found on https://website123.com/"
If the keyword dosen't match, It'll give output as: "Keyword not Found on https://website123.com/"


Hope you like this! This is my first every Github Project! 
If you wanna show love to this, leave a star and follow my socials!
Twitter: https://twitter.com/0x2458
BuyMeACoffee: https://buymeacoffee.com/0x2458/
File Snapshot

 [4.0K]  /data/pocs/fcf3a744b696ecab23d9823883b2a6df33ec84ce
├── [1.0K]  GeoServer_Keyword-Checker.py
├── [1.7K]  GeoServer_Path-Finder.py
├── [ 394]  geoserver.sh
├── [1.0K]  LICENSE
└── [1.6K]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →