This repository contains a Python script to exploit vulnerabilities in sipXopenfire, specifically for the following CVEs:
- CVE-2023-25355
- CVE-2023-25356
The script allows for two types of payloads:
- Retrieve logs from the server.
- Overwrite the Openfire configuration to include a reverse shell.
- Python 3.x
xmpppy
library
pip install xmpppy
Run the script with the appropriate arguments.
This script was inspired by an article on Packet Storm Security. You can read the full article here.