Skip to content

Chocapikk/CVE-2023-51467

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2023-51467 Scanner πŸ•΅οΈβ€β™‚οΈ

Description πŸ“œ

CVE-2023-51467 Scanner is a Python-based command-line tool πŸ› οΈ that scans URLs for a specific vulnerability in the Apache OfBiz ERP system. This zero-day security flaw, tracked as CVE-2023-51467, allows attackers to bypass authentication protections due to an incomplete patch for the critical vulnerability CVE-2023-49070.

Vulnerability Details πŸ”

The CVE-2023-51467 vulnerability resides in the login functionality of Apache OfBiz versions prior to 18.12.10. It can be exploited by sending an HTTP request with empty or invalid USERNAME and PASSWORD parameters, which results in an authentication success message, allowing unauthorized access to internal resources.

Installation πŸ’»

To use the CVE-2023-51467 Scanner, you need Python 3.x.

You can install the required packages using pip πŸ“¦:

pip install -r requirements.txt 

Usage πŸš€

To scan a single URL 🎯:

python exploit.py -u http://example.com

To scan a list of URLs from a file πŸ“Š:

python exploit.py -f urls.txt -o output.txt -t 50

Options βš™οΈ

  • -u, --url: Single URL to send the GET request to 🌐.
  • -f, --file: File containing a list of base URLs to scan πŸ“„.
  • -o, --output: File to write vulnerable systems to (default is output.txt) πŸ“.
  • -t, --threads: Number of concurrent threads to use (default is 10) 🧡.

Disclaimer ⚠️

This tool is intended for security research and should not be used for illegal activities. The authors of this tool cannot be held responsible for any misuse or damage from its use.