## https://sploitus.com/exploit?id=C198722B-2622-506B-AE4F-83A81B3731F5
# Geoserver SQL Injection Exploit
In this year, a cve got published for Geoserver with the ID CVE-2023-25157.
I saw this vulnerability in one of my projects and tried to exploit it.
And here it is, the complete exploit.
In this repo([https://github.com/0x2458bughunt/CVE-2023-25157](https://github.com/0x2458bughunt/CVE-2023-25157)) you can use the detector to find out what tergets have the technology and vulnerability.
After using detector, you can use my code for exploiting those.
## How to Run:
You Should install "requests" with this command first:
```
pip install requests
```
At the second, create an input text file and insert the targets in it(Like www.example.com or 1.1.1.1:8080).Be aware, you should insert one target per line.
Then, Run the program like this:
```
python3 main.py Input.txt
```
or
```
python3 main.py
Urls File: Input.txt
```
Use & Enjoy ๐๐๐๐
# Refrences
https://github.com/geoserver/geoserver/blob/main/README.md
https://www.acunetix.com/vulnerabilities/web/geoserver-sqli-cve-2023-25157/
https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
https://medium.com/@knownsec404team/geoserver-sql-injection-vulnerability-analysis-cve-2023-25157-413c1f9818c3
https://github.com/0x2458bughunt/CVE-2023-25157
# Contact Me
If you had any question or order cantact me through my e-mail: dctfp@protonmail.com