/Geoserver-CVE-2023-25157

Geoserver SQL Injection Exploit

Primary LanguagePython

Geoserver SQL Injection Exploit

In this year, a cve got published for Geoserver with the ID CVE-2023-25157.
I saw this vulnerability in one of my projects and tried to exploit it.
And here it is, the complete exploit.
In this repo(https://github.com/0x2458bughunt/CVE-2023-25157) you can use the detector to find out what tergets have the technology and vulnerability. After using detector, you can use my code for exploiting those.

How to Run:

You Should install "requests" with this command first:
pip install requests
At the second, create an input text file and insert the targets in it(Like www.example.com or 1.1.1.1:8080).Be aware, you should insert one target per line.
Then, Run the program like this:
python3 main.py Input.txt
or

python3 main.py
Urls File: Input.txt

Use & Enjoy 😇😇😇😇

Refrences

https://github.com/geoserver/geoserver/blob/main/README.md
https://www.acunetix.com/vulnerabilities/web/geoserver-sqli-cve-2023-25157/
https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
https://medium.com/@knownsec404team/geoserver-sql-injection-vulnerability-analysis-cve-2023-25157-413c1f9818c3
https://github.com/0x2458bughunt/CVE-2023-25157

Contact Me

If you had any question or order cantact me through my e-mail: dctfp@protonmail.com