There was a diary on the SANS Internet Storm Center page about increased exploitation attempts seen at their honeypots for CVE-2024-32113, a path traversal bug that gives unauthenticated RCE against Apache OFBiz instances. I'll show how the exploit works on the HackTheBox Bizness machine, then look at the patches meant to fix CVE-2024-32113, and then at where the exploit is actually closed off in the patches for the follow-up bug, CVE-2024-36104.
SANS ISC Article: https://isc.sans.edu/diary/Increased+Activity+Against+Apache+OFBiz+CVE202432113/31132/
OFBiz Security Page: https://ofbiz.apache.org/security.html
TIO.run: https://tio.run/
HTB Bizness Blog Post: https://0xdf.gitlab.io/2024/05/25/htb-bizness.html
HTB Bizness: https://hacktheboxltd.sjv.io/g1jVD9?u=https%3A%2F%2Fapp.hackthebox.com%2Fmachines%2Fbizness
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[01:15] Article Review
[02:28] Exploiting CVE-2024-32113 on HTB
[05:45] Looking at fix on GitHub
[07:00] Trying fix on TIO
[08:10] Looking at next CVE, CVE-2024-36104
[09:30] Conclusion
#ofbiz #sansics #cve-2024-32113 #cve-2024-36104