Possibly Related Threads…

Loki · 08-04-2024, 08:03 PM

GeoServer is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.

In versions of GeoServer earlier than 2.23.2, 2.23.6, versions 2.24.0 to 2.24.3, and version 2.25.0, there exists a vulnerability (CVE-2024-36401) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.

Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.

Hidden Content

You must register or login to view this content.

PangPang · (This post was last modified: 08-05-2024, 01:16 AM by PangPang.)

How do you find the vulnerable websites? I cant find any.

Edit: dork is provided

louna · 08-05-2024, 01:38 AM

Edit: dork is provided

Loki · 08-05-2024, 04:08 AM

(08-05-2024, 01:26 AM)orderfindrat Wrote: A month ago, you're kidding me

https://github.com/Chocapikk/CVE-2024-36401

what are you on about?

and why are you posting a hidden link as the reply?

KhanMahammad · 08-12-2024, 06:04 AM

2222222222222222222222222222222

Saury404 · 08-15-2024, 02:32 AM

Thank you, this is a very useful thing for my learning

un1dentif1ed · 08-15-2024, 03:40 PM

nice! need to check it out

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Scraping | https://breachforums.hn/Forum-Ban-Appeals if you feel this is incorrect.

fankflash · 08-16-2024, 08:47 AM

Thank you, this is a very useful

Swiptt · 08-22-2024, 04:24 AM

(08-04-2024, 08:03 PM)Loki Wrote:
GeoServer is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.

In versions of GeoServer earlier than 2.23.2, 2.23.6, versions 2.24.0 to 2.24.3, and version 2.25.0, there exists a vulnerability (CVE-2024-36401) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.

Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.

This file is amazing thank for sharing bro

seraph8 · 08-23-2024, 03:10 PM

Someone should make this into a spiderfoot module to scan the net efficiently for vuln server Wink

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Exploit Hikvision Camera cctv	A3g00n	158	4,470	08-06-2025, 11:06 PM Last Post: baddie100
	Acunetix Premium Cracked v24 Full Activated	A3g00n	18	1,005	08-03-2025, 05:08 AM Last Post: Fuc0
	Exploit Safety-net PoC	Inexorable_Baer	2	233	08-02-2025, 08:53 AM Last Post: Inexorable_Baer
	Telerik Exploit report server	A3g00n	1	406	04-11-2025, 04:16 AM Last Post: dghdj
	Ivanti/Pulse VPN Client Exploit leading to a privilege escalation	Loki	17	1,769	04-07-2025, 03:34 PM Last Post: ansikkamakola