OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.
PoC: GeoServerExploit
GeoServer (CVE-2024-36401/CVE-2024-36404) exploitation tool
PoC: CVE-2024-36401
GeoServer Remote Code Execution
PoC: CVE-2024-36401
geoserver graphical exploitation tool
PoC: CVE-2024-36401
Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit
PoC: CVE-2024-36401
A Python Exp For "GeoServer"
PoC: GeoServer-Tools-CVE-2024-36401
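CVE-2024-36401 graphical exploitation tool; supports exploitation on every JDK version, plus command output echo and memory shell implementations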
PoC: CVE-2024-36401
geoserver graphical exploitation tool
PoC: CVE-2024-36401
CVE-2024-36401 GeoServer Remote Code Execution
PoC: CVE-2024-36401-WoodpeckerPlugin
CVE-2024-36401-GeoServer Property expression injection RCE plugin for woodpecker-framework
PoC: geoexplorer
Mass scanner for CVE-2024-36401
PoC: CVE-2024-36401
CVE-2024-36401-POC
PoC: CVE-2024-36401
POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vuln targets.
PoC: CVE-2024-36401-MASS
Geoserver RCE
PoC: Exploit-CVE-2024-36401
Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload
PoC: cve-2024-36401-poc
A poc for cve-2024-36401 for applications using GeoTools for WMS data retrieval
PoC: CVE-2024-36401_Geoserver_RCE_POC
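This script is a PoC (Proof of Concept) detection tool developed for the GeoServer remote code execution vulnerability (CVE-2024-36401). The vulnerability allows an attacker to execute arbitrary commands on the target server by constructing specific requests.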
PoC: CVE-2024-36401
geoserver graphical exploitation tool
PoC: CVE-2024-36401
geoserver graphical exploitation tool
PoC: CVE-2024-36401-WoodpeckerPlugin
CVE-2024-36401-GeoServer Property expression injection RCE plugin for woodpecker-framework
PoC: cve-2024-36401-poc
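CVE-2024-36401 is a high-severity remote code execution vulnerability in GeoServer. GeoServer is open-source geospatial data server software used mainly to publish, share and process all kinds of geospatial data. ALIYUN Vulnerability principle: the vulnerability stems from GeoServer unsafely parsing property names as XPath expressions when it processes them. Specifically, the GeoTools library API that GeoServer calls passes feature type property names to the commons-jxpath library in an unsafe way when evaluating them. Because commons-jxpath allows arbitrary code execution when parsing XPath expressions, an attacker can construct specific input and use multiple OGC request parameters (such as WFS GetFeature, WFS GetPropertyValue, WMS GetMap) to execute arbitrary code remotely without authentication.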
PoC: GeoServer-CVE-2024-36401
GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions
PoC: CVE-2024-36401-PoC
Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1
PoC: geoserver-
geoserver CVE-2024-36401 exploitation tool
PoC: geoserver-
geoserver CVE-2024-36401 one-click exploitation tool
PoC: CVE-2024-36401
Exploiter: a vulnerability detection and exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401.
PoC: CVE-2024-36401
POC