Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-9496

Description

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

POC

Reference

- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html

- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html

- http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.html

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/0xaniketB/HackTheBox-Monitors

- https://github.com/20142995/Goby

- https://github.com/20142995/sectool

- https://github.com/360quake/papers

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet

- https://github.com/BrittanyKuhn/javascript-tutorial

- https://github.com/Drajoncr/AttackWebFrameworkTools

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

- https://github.com/HimmelAward/Goby_POC

- https://github.com/JulianWu520/DriedMango

- https://github.com/Ly0nt4r/CVE-2020-9496

- https://github.com/MrMeizhi/DriedMango

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Shadowven/Vulnerability_Reproduction

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/Vulnmachines/apache-ofbiz-CVE-2020-9496

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Z0fhack/Goby_POC

- https://github.com/alphaSeclab/sec-daily-2020

- https://github.com/ambalabanov/CVE-2020-9496

- https://github.com/amcai/myscan

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/birdlinux/CVE-2020-9496

- https://github.com/cyber-niz/CVE-2020-9496

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/dwisiswant0/CVE-2020-9496

- https://github.com/g33xter/CVE-2020-9496

- https://github.com/gaorenyusi/JavaSec

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/ismailmazumder/SL7CVELabsBuilder

- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra/nuclei-templates

- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra25/nuclei-templates

- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet

- https://github.com/n0-traces/cve_monitor

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/pen4uin/awesome-vulnerability-research

- https://github.com/pen4uin/vulnerability-research

- https://github.com/pen4uin/vulnerability-research-list

- https://github.com/ranhn/Goby-Poc

- https://github.com/s4dbrd/CVE-2020-9496

- https://github.com/securelayer7/CVE-Analysis

- https://github.com/securelayer7/Research

- https://github.com/shengshengli/AttackWebFrameworkTools-5.0

- https://github.com/sobinge/nuclei-templates

- https://github.com/soosmile/POC

- https://github.com/tanjiti/sec_profile

- https://github.com/yuaneuro/ofbiz-poc