CVE-2023-32315
The target Openfire instances on both port 9090 and 9091 are vulnerable to CVE-2023-32315 because they run an outdated version, 4.7.3.
A vulnerability has been found in Ignite Realtime Openfire and classified as critical. Affected by this vulnerability is an unknown functionality of the component Administration Console. The manipulation leads to improper authentication. This vulnerability is known as CVE-2023-32315. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
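The version reasoning above as a triage check over an inventory of Openfire banners. This is an added example, not part of the original notes: the affected range and fixed releases (3.10.0 onward, fixed in 4.6.8 and 4.7.5) are assumptions taken from the vendor advisory rather than from this page, and the host names and banner strings are constructed.

```python
import re

# Assumption taken from the vendor advisory, not from this page:
# CVE-2023-32315 affects Openfire 3.10.0 and later and is fixed in
# 4.6.8 (4.6 branch) and 4.7.5 (4.7 branch); later branches ship the fix.
FIRST_AFFECTED = (3, 10, 0)
FIXED_BY_BRANCH = {(4, 6): (4, 6, 8), (4, 7): (4, 7, 5)}
NEWEST_FIXED = (4, 7, 5)

VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(banner):
    """Return (major, minor, patch) from a banner string, or None."""
    match = VERSION_RE.search(banner)
    return tuple(int(p) for p in match.groups()) if match else None

def classify(banner):
    """Classify one banner: vulnerable, fixed, not affected or unknown."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version < FIRST_AFFECTED:
        return "not affected"
    fixed_in = FIXED_BY_BRANCH.get(version[:2])
    if fixed_in is not None:
        return "fixed" if version >= fixed_in else "vulnerable"
    # Branches between 3.10 and 4.5 never received a fix; anything newer
    # than the 4.7 branch already contains it.
    return "fixed" if version > NEWEST_FIXED else "vulnerable"

def hosts_to_upgrade(inventory):
    """Return the sorted host names whose banner is vulnerable or unknown."""
    return sorted(h for h, b in inventory.items()
                  if classify(b) in ("vulnerable", "unknown"))

# Constructed inventory (hypothetical hosts and banners) for the demo.
SAMPLE_INVENTORY = {
    "chat-01.example.internal": "Openfire, Version: 4.7.3",
    "chat-02.example.internal": "Openfire, Version: 4.7.5",
    "chat-03.example.internal": "Openfire, Version: 4.6.7",
    "chat-04.example.internal": "Openfire, Version: 4.8.0",
    "chat-05.example.internal": "Openfire, Version: 3.9.3",
    "chat-06.example.internal": "Openfire",
}

if __name__ == "__main__":
    print("upgrade:", hosts_to_upgrade(SAMPLE_INVENTORY))
```

Hosts with no parseable version are reported alongside the vulnerable ones so they get checked by hand instead of being silently treated as safe.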
Exploit
Exploit found online
This one includes a malicious plugin for RCE
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fired]
└─$ git clone https://github.com/miko550/CVE-2023-32315 ; python3 -m venv CVE-2023-32315/.venv ; source CVE-2023-32315/.venv/bin/activate ; pip3 install -r CVE-2023-32315/requirements.txt
Cloning into 'CVE-2023-32315'...
remote: Enumerating objects: 31, done.
remote: Counting objects: 100% (31/31), done.
remote: Compressing objects: 100% (29/29), done.
remote: Total 31 (delta 15), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (31/31), 38.13 KiB | 1.52 MiB/s, done.
Resolving deltas: 100% (15/15), done.
Collecting HackRequests (from -r CVE-2023-32315/requirements.txt (line 1))
Downloading HackRequests-1.2-py3-none-any.whl.metadata (677 bytes)
Downloading HackRequests-1.2-py3-none-any.whl (7.3 kB)
Installing collected packages: HackRequests
Successfully installed HackRequests-1.2
Downloaded and set up the exploit package.