sipXopenfire 21.04 Remote Command Execution / Weak Permissions

AlexLinov/sipXcom-RCE

XMPP Exploit PoC Script

This repository contains a Python script to exploit vulnerabilities in sipXopenfire, specifically for the following CVEs:

  • CVE-2023-25355
  • CVE-2023-25356

The script allows for two types of payloads:

  1. Retrieve logs from the server.
  2. Overwrite the Openfire configuration to include a reverse shell.

Requirements

  • Python 3.x
  • xmpppy library

Install the library with pip:

    pip install xmpppy

Usage

Run the script with the appropriate arguments.

Credits

This script was inspired by an article on Packet Storm Security. You can read the full article here.
