This year, a CVE was published for GeoServer with the ID CVE-2023-25157.
I saw this vulnerability in one of my projects and tried to exploit it.
And here it is, the complete exploit.
In this repo (https://github.com/0x2458bughunt/CVE-2023-25157) you can use the detector to find out which targets run the technology and have the vulnerability.
After using the detector, you can use my code to exploit them.
First, install "requests" with this command:
pip install requests
Second, create an input text file and add the targets to it (like www.example.com or 1.1.1.1:8080). Note that you should insert one target per line.
Then run the program like this:
python3 main.py Input.txt
or
python3 main.py
Urls File: Input.txt
Use & Enjoy 😇😇😇😇
https://github.com/geoserver/geoserver/blob/main/README.md
https://www.acunetix.com/vulnerabilities/web/geoserver-sqli-cve-2023-25157/
https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
https://medium.com/@knownsec404team/geoserver-sql-injection-vulnerability-analysis-cve-2023-25157-413c1f9818c3
https://github.com/0x2458bughunt/CVE-2023-25157
If you have any questions or orders, contact me through my e-mail: dctfp@protonmail.com