CVEs-PoC/2020/CVE-2020-9496.md

CVE-2020-9496

Description

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

POC

Reference

• http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
• http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
• http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.html

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/0xaniketB/HackTheBox-Monitors
• https://github.com/20142995/Goby
• https://github.com/20142995/nuclei-templates
• https://github.com/20142995/sectool
• https://github.com/360quake/papers
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
• https://github.com/BrittanyKuhn/javascript-tutorial
• https://github.com/Elsfa7-110/kenzer-templates
• https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
• https://github.com/HimmelAward/Goby_POC
• https://github.com/JulianWu520/DriedMango
• https://github.com/Ly0nt4r/CVE-2020-9496
• https://github.com/MrMeizhi/DriedMango
• https://github.com/SexyBeast233/SecBooks
• https://github.com/Shadowven/Vulnerability_Reproduction
• https://github.com/Threekiii/Awesome-POC
• https://github.com/Threekiii/Vulhub-Reproduce
• https://github.com/Vulnmachines/apache-ofbiz-CVE-2020-9496
• https://github.com/Z0fhack/Goby_POC
• https://github.com/alphaSeclab/sec-daily-2020
• https://github.com/ambalabanov/CVE-2020-9496
• https://github.com/amcai/myscan
• https://github.com/bakery312/Vulhub-Reproduce
• https://github.com/birdlinux/CVE-2020-9496
• https://github.com/cyber-niz/CVE-2020-9496
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/dwisiswant0/CVE-2020-9496
• https://github.com/g33xter/CVE-2020-9496
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/merlinepedra/nuclei-templates
• https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
• https://github.com/merlinepedra25/nuclei-templates
• https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
• https://github.com/pen4uin/awesome-vulnerability-research
• https://github.com/pen4uin/vulnerability-research
• https://github.com/pen4uin/vulnerability-research-list
• https://github.com/s4dbrd/CVE-2020-9496
• https://github.com/securelayer7/CVE-Analysis
• https://github.com/sobinge/nuclei-templates
• https://github.com/soosmile/POC
• https://github.com/tanjiti/sec_profile
• https://github.com/yuaneuro/ofbiz-poc