Openfire Admin Console Authentication Bypass via Path Traversal
CVE-2023-32315 is an authentication bypass vulnerability in the web-based administrative console of Openfire, the XMPP server. The flaw lies in the setup environment, which remained reachable without authentication even on Openfire instances that had already completed setup. By abusing a path traversal condition through that setup environment, an unauthenticated attacker can reach restricted pages in the Openfire Admin Console that are intended only for administrative users. The issue affects Openfire releases starting with 3.10.0 (released after April 2015). Public reporting and advisory material describe the flaw as a path traversal/authentication bypass in the admin console setup path; some follow-on exploitation chains have used the gained admin access to upload plugins or otherwise reach code-execution functionality, but the core vulnerability itself is unauthorized access to admin pages. The issue was patched in Openfire 4.7.5 and 4.6.8.
Exploits
8 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository is a proof-of-concept exploit for CVE-2023-32315, targeting Ignite Realtime Openfire (notably version 4.6.4). The exploit process, as described in the README, involves obtaining session tokens (JSESSIONID and csrftoken), constructing a request to add a new user, compiling a malicious plugin (using Maven with the provided pom.xml), and uploading it to the Openfire server. Once the plugin is installed, it provides a webshell interface, allowing the attacker to execute arbitrary commands on the server. The repository contains a README with exploitation steps and a pom.xml for building the plugin, but does not include the actual plugin source code or the webshell implementation. The main attack vector is network-based, targeting the Openfire admin web interface. The only fingerprintable endpoints are the example Openfire server URL and the Maven repository for dependencies.
This repository contains a Python exploit script (CVE-2023-32315.py) and a README for CVE-2023-32315, a critical authentication bypass vulnerability in Openfire's web admin console. The exploit leverages a path traversal flaw in the setup wizard endpoints, allowing unauthenticated attackers to access setup pages and create a new admin user (hardcoded as 'pepe1'/'pepe1'). The script uses the HackRequests library to send crafted HTTP requests, first retrieving session cookies via a traversal to user-groups.jsp, then creating the user via user-create.jsp, and finally verifying the user via user-summary.jsp. The README provides background, setup, and usage instructions. The exploit is operational and enables full admin access to vulnerable Openfire servers, potentially leading to further compromise (e.g., uploading malicious plugins).
This repository provides a proof-of-concept exploit for CVE-2023-32315, a path traversal vulnerability in Ignite Realtime Openfire's administrative web console. The main exploit script (CVE-2023-32315.py) is written in Python and automates the process of exploiting the vulnerability by first retrieving a CSRF token from the target's /login.jsp endpoint, then using a crafted path traversal request to /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp to create a new administrative user (username: 'hugme', password: 'HugmeNOW'). The script supports both single-target and mass exploitation modes. The included docker-compose.yaml file sets up a vulnerable Openfire instance for testing. The README.md provides background on the vulnerability, usage instructions, and references. The exploit is a functional PoC that grants administrative access to the attacker by creating a new admin account, but does not include weaponized or post-exploitation payloads.
This repository contains a Python exploit for CVE-2023-32315, an authentication bypass vulnerability in Openfire's web management console (notably version 4.7.1). The main script, CVE-2023-32315.py, automates the process of exploiting the vulnerability by sending crafted HTTP requests to the Openfire setup endpoints. It first retrieves session cookies (JSESSIONID and csrf), then uses them to create a new administrative user via a specially crafted URL. Successful exploitation is logged to a local file (success.txt). The README provides setup and usage instructions, including how to use the new admin account to upload a malicious plugin for remote code execution. The exploit is operational and requires the attacker to have network access to the target's Openfire management interface. No detection-only scripts are present; the code is a working exploit.
This repository provides a Python exploit for CVE-2023-32315, an authentication bypass vulnerability in Ignite Realtime Openfire's administration console. The main file, CVE-2023-32315.py, is a standalone script that can target a single Openfire instance or scan multiple targets in bulk using multiprocessing. The exploit works by abusing a path traversal vulnerability in the setup endpoints to create a new admin user without prior authentication. It then attempts to log in with the newly created credentials and records successful attempts in a results file. The script requires Python 3 and several dependencies (BeautifulSoup, HackRequests, etc.), as listed in requirements.txt. The README provides clear usage instructions for both single and bulk exploitation. The exploit is operational, as it automates the full attack chain from user creation to login, and is not just a proof of concept. The main attack vector is network-based, targeting the Openfire admin web interface, and the script fingerprints endpoints such as '/setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp' and '/login.jsp'.
This repository provides a working exploit for CVE-2023-32315, a critical authentication bypass vulnerability in Ignite Realtime Openfire. The exploit consists of a Go script (scan_all/main.go) that automates the attack chain: it first retrieves the JSESSIONID and CSRF token from a vulnerable Openfire instance, then uses these to create a new admin user via a crafted HTTP request to the setup endpoints. The README details the steps to compile and install a malicious plugin (provided in Java under src/main/java/org/igniterealtime/openfire/exampleplugin/ExamplePlugin.java), which can be uploaded to the server to provide a webshell for remote command execution. The repository includes build files (pom.xml, plugin.xml, web.xml) for packaging the plugin. The exploit is operational, providing both user creation and remote command execution capabilities, and targets Openfire servers accessible over the network. The main attack vector is network-based, exploiting HTTP endpoints exposed by the Openfire admin interface.
This repository contains a Python exploit script (CVE-2023-32315.py) targeting Openfire servers vulnerable to CVE-2023-32315, an authentication bypass via path traversal in the setup environment. The exploit works by sending crafted HTTP requests to specific setup endpoints, bypassing authentication controls and allowing the creation of a new administrative user with randomly generated credentials. The script supports both single-target and mass exploitation modes (via a list of targets). Results of successful exploitation are saved to a local file. The repository also includes a README with usage instructions and a requirements.txt listing dependencies (HackRequests and colorama). The exploit is operational, providing direct admin access to compromised Openfire servers. No detection-only or fake code is present; the script is a functional exploit.
This repository contains a Python proof-of-concept exploit for CVE-2023-32315, an authentication bypass vulnerability in the Openfire Admin Console. The exploit targets Openfire servers running versions 3.10.0 through 4.7.4 (and 4.6.7 and below), leveraging a path traversal flaw in the setup environment combined with non-standard URL encoding to bypass authentication and access restricted admin pages. The main script, 'CVE-2023-32315.py', allows the user to specify a single target or a file containing multiple targets. It retrieves a CSRF token from the login page, then sends a crafted request to the vulnerable endpoint to create a new administrative user ('hugme'/'HugmeNOW'). The exploit is network-based and requires the target's Admin Console to be accessible. The repository also includes a README.md with background information, affected versions, and screenshots of the exploit in action. No hardcoded IPs or domains are present; the script requires the user to supply the target URL(s).
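Every exploit summarised above follows the same shape: a request that enters /setup/ and, through the non-standard %u002e encoding of "..", resolves to an admin page outside it on a server whose setup finished long ago. The Python below is an added example (not code from this page or from any of the listed repositories) that scans constructed Apache-style access-log lines for exactly that pattern; the log format, the sample entries and the finding labels are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from any real server). The
# request paths mirror the traversal pattern quoted in the exploit summaries.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2023:12:00:01 +0000] "GET /login.jsp HTTP/1.1" 200 4123
203.0.113.5 - - [10/Jun/2023:12:00:02 +0000] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/user-groups.jsp HTTP/1.1" 200 8871
203.0.113.5 - - [10/Jun/2023:12:00:03 +0000] "POST /setup/setup-s/%u002e%u002e/%u002e%u002e/user-create.jsp HTTP/1.1" 302 0
198.51.100.7 - - [10/Jun/2023:12:01:00 +0000] "GET /setup/index.jsp HTTP/1.1" 200 2210
198.51.100.7 - - [10/Jun/2023:12:01:05 +0000] "GET /user-summary.jsp HTTP/1.1" 403 512
"""

# Assumed combined-log layout: ip ident user [time] "METHOD target proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def decode_path(target):
    """Return the request path with %uXXXX and %XX encoding removed."""
    path = target.split("?", 1)[0]
    # urllib.parse.unquote leaves the non-standard %u002e form of '.' alone,
    # so decode it explicitly before the ordinary percent-decoding pass.
    path = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)


def classify(target, setup_complete=True):
    """Return a finding label for one request target, or None if benign."""
    decoded = decode_path(target)
    if not decoded.lower().startswith("/setup/"):
        return None
    # Collapse '..' segments; a request that enters /setup/ but resolves to a
    # page outside it is using the setup tree as a stepping stone.
    if not posixpath.normpath(decoded).lower().startswith("/setup/"):
        return "setup-path-traversal"
    # On an instance whose setup finished long ago, any /setup/ hit is itself odd.
    return "setup-reached-after-install" if setup_complete else None


def scan_log(text, setup_complete=True):
    """Parse access-log lines and return (ip, method, target, finding) tuples."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and (label := classify(m["target"], setup_complete)):
            findings.append((m["ip"], m["method"], m["target"], label))
    return findings
```

Pass setup_complete=False for an instance that is genuinely still in its setup wizard, so that only the traversal findings remain.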
Recent activity
A path traversal vulnerability in Openfire used by the threat actor for initial access against Taiwanese software development organizations.
An Openfire vulnerability exploited to compromise software development organizations in Taiwan.
Path traversal vulnerability in the Openfire administrative console that allows an unauthenticated user to reach admin console pages via the setup environment. Significant because the source states it is listed in CISA KEV and actively exploited.
A vulnerability in Openfire listed as exploited by FishMonger (aka Earth Lusca) for intrusion activity.