Share
## https://sploitus.com/exploit?id=758B4A31-E100-58B3-9C8E-D094E0E36B70
# CVE-2023-25157-checker
A script, written in golang. POC for CVE-2023-25157

## Steps to use
1. `git clone https://github.com/7imbitz/CVE-2023-25157-checker.git`
2. `cd CVE-2023-25157-checker`
3. `go run CVE-2023-25157.go <URL>`
*Replace `<URL>` with the URL of the target server.

![Screenshot 2023-06-12 at 23 09 29](https://github.com/7imbitz/CVE-2023-25157-checker/assets/26263598/d3781925-deb8-44d0-9768-7b6e9b116060)
<img width="1077" alt="Screenshot 2023-06-12 at 23 12 43" src="https://github.com/7imbitz/CVE-2023-25157-checker/assets/26263598/645e7ebc-b50d-4e9a-bea0-6f1c68e695c2">


## Google Dork
```inurl:"/geoserver/ows?service=wfs"```

## Research
For research purpose, you can setup and deploy your own instance of geoserver. This [docker](https://github.com/geoserver/docker) can be easily setup in a blink of an eye *multiple blink

## References
- [Github Advisory](https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf)
- [Commit](https://github.com/geoserver/geoserver/commit/145a8af798590288d270b240235e89c8f0b62e1d)
- [Tweet](https://twitter.com/parzel2/status/1665726454489915395)
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-25157)

## Legal Disclaimer
This POC Script was intended for educational and research purposes only. The main purpose was for me to code in golang. **Usage of this script for any unauthorized activities, and unethical testing is STRICTLY prohibited.**

## Stargazers over time

[![Stargazers over time](https://starchart.cc/7imbitz/CVE-2023-25157-checker.svg)](https://starchart.cc/7imbitz/CVE-2023-25157-checker)