Hello Guys! It's 0x2458 here. Hope you all are doing well, and I'm back again with a fresh blog! This time we're gonna talk about a recent CVE, CVE-2023-25157! Let's start!
What is GeoServer?
GeoServer is an open-source server application that allows users to share and publish geospatial data and maps over the internet. It is written in Java and supports the Open Geospatial Consortium (OGC) standards, making it compatible with a wide range of geospatial data formats and services.
GeoServer acts as a web server for geospatial data, providing a platform for storing, processing, and distributing maps and spatial data. It allows users to publish their geospatial data as web services using standard protocols like Web Map Service (WMS), Web Feature Service (WFS), and Web Coverage Service (WCS). These services enable clients, such as GIS software, web applications, and mobile devices, to access and interact with the published data.
With GeoServer, users can create and manage data layers, define styling and symbology, perform geospatial analysis, and configure advanced data serving options. It is widely used in various domains, including government, environmental management, urban planning, agriculture, and natural resource management.
GeoServer is highly extensible and customizable, with a large community of developers contributing to its ongoing development and support. It provides a user-friendly web interface and offers powerful features for geospatial data sharing and dissemination.
What is CVE-2023-25157?
A vulnerability was found in GeoServer up to 2.21.3/2.22.1. It has been rated as critical. This issue affects an unknown code block of the component OGC Handler. Manipulation with an unknown input leads to a SQL injection vulnerability. The weakness is classified as CWE-89: the software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the intended SQL command when it is sent to a downstream component. Confidentiality, integrity, and availability are impacted. The weakness was disclosed on 02/22/2023 as GHSA-7g5f-wrx8-5ccf. The advisory is shared at github.com. This vulnerability has carried the identifier CVE-2023-25157 since 02/03/2023.
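Before hunting for it, it helps to know which of your own GeoServer instances actually fall in the affected range. The script below is an added example written for this post (it is not the author's tool and not GeoServer project code). It reads the "up to 2.21.3/2.22.1" wording above as: every release older than 2.21.4 is affected, and the 2.22 line is affected before 2.22.2; that reading, the assumed shape of GeoServer's `/rest/about/version.json` document, and the sample inventory are all assumptions of the example, not facts from the post.

```python
"""Triage GeoServer version strings against the CVE-2023-25157 affected range.

Added example, not code from the original post. Affected range is read from the
post's "up to 2.21.3/2.22.1" wording (assumption: 2.21.4 and 2.22.2 are the fixed
releases).
"""
import re
from typing import Optional, Tuple

# Fixed releases as implied by the post's wording (assumption of this example).
FIXED_2_21 = (2, 21, 4)
FIXED_2_22 = (2, 22, 2)

# Accepts 2.22.1, 2.23.0, 2.23-SNAPSHOT, 2.22-RC, 2.21.4-SNAPSHOT, ...
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?([A-Za-z][\w.-]*))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, bool]]:
    """Return (major, minor, patch, is_release) or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3)) if m.group(3) else 0
    is_release = m.group(4) is None          # no SNAPSHOT/RC suffix
    return major, minor, patch, is_release


def is_affected(version: str) -> Optional[bool]:
    """True = in affected range, False = carries the fix, None = unparseable.

    Pre-release builds of the fixing release itself (e.g. 2.21.4-SNAPSHOT) are
    flagged as affected, because such a build may predate the fix commit.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch, is_release = parsed
    num = (major, minor, patch)
    if not is_release and num in (FIXED_2_21, FIXED_2_22):
        return True                           # conservative: snapshot of the fix release
    if num < FIXED_2_21:
        return True                           # everything before 2.21.4, older lines included
    if num[:2] == (2, 22):
        return num < FIXED_2_22               # 2.22.0 and 2.22.1 affected, 2.22.2+ fixed
    return False                              # 2.21.4+ and 2.23+ carry the fix


def version_from_about_json(doc: dict) -> Optional[str]:
    """Pull the GeoServer version out of a /rest/about/version.json document.

    The document shape used here is an assumption of this example; check it
    against a real response from your own instance.
    """
    for res in doc.get("about", {}).get("resource", []):
        if res.get("@name") == "GeoServer":
            return res.get("Version")
    return None


def triage(inventory: dict) -> dict:
    """Map host -> 'affected' / 'fixed' / 'unknown' for a {host: version} inventory."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "gis-old.example.internal": "2.20.5",
    "gis-staging.example.internal": "2.22.1",
    "gis-prod.example.internal": "2.22.2",
    "gis-dev.example.internal": "2.23-SNAPSHOT",
    "gis-legacy.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {SAMPLE_INVENTORY[host]:14} {status}")
```

Feed `triage()` whatever inventory you already have (a CMDB export, or the version pulled from each instance's REST `about` endpoint via `version_from_about_json()`), and patch the hosts that come back as `affected` first.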
How To Find CVE-2023-25157?
Let's come to the main part. You now understand what GeoServer is and what the CVE is. Let's focus on how we can find this vulnerability.
Finding this vulnerability is simple: you can use a simple Google dork to find this bug.
Dork: inurl:"/geoserver/ows?service=wfs"
You can modify this dork according to your needs and find those bugs!
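The dork above matches URLs of the form /geoserver/ows?service=wfs. The same match applied to your own web server access log tells you which clients, search-engine crawlers included, have already reached that endpoint, which is how an instance ends up in dork results in the first place. The script below is an added example written for this post (not the author's tool and not GeoServer code); it assumes the Apache/nginx "combined" log format, also accepts GeoServer's workspace-scoped /geoserver/<workspace>/ows form, and the log lines in it are constructed, not real traffic.

```python
"""Find WFS requests to GeoServer's /geoserver/ows endpoint in an access log.

Added example, not code from the original post. Assumes the "combined" log
format; adjust _LOG_RE if your server logs differently. Sample lines are
constructed for the example.
"""
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format (assumption of this example).
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# /geoserver/ows as in the dork, plus the workspace-scoped /geoserver/<ws>/ows form.
_OWS_PATH_RE = re.compile(r"^/geoserver(?:/[^/]+)?/ows/?$", re.IGNORECASE)


def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format line into fields; None if it does not match."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def is_geoserver_wfs(target: str) -> bool:
    """True when the request target is an OWS endpoint with service=wfs (case-insensitive)."""
    parts = urlsplit(target)
    if not _OWS_PATH_RE.match(parts.path):
        return False
    # Query keys and values are case-insensitive in OGC requests (SERVICE=WFS, service=wfs).
    query = {k.lower(): [v.lower() for v in vs] for k, vs in parse_qs(parts.query).items()}
    return "wfs" in query.get("service", [])


def summarize(lines: List[str]) -> Dict[str, Counter]:
    """Count WFS hits per client IP and per User-Agent; unparseable lines are skipped."""
    by_ip: Counter = Counter()
    by_ua: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and is_geoserver_wfs(rec["target"]):
            by_ip[rec["ip"]] += 1
            by_ua[rec["ua"]] += 1
    return {"by_ip": by_ip, "by_ua": by_ua}


# Constructed sample log (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Feb/2023:10:01:02 +0000] "GET /geoserver/ows?service=WFS&request=GetCapabilities HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '198.51.100.9 - - [22/Feb/2023:10:02:45 +0000] "GET /geoserver/ows?service=wms&request=GetMap HTTP/1.1" 200 80211 "-" "QGIS/3.28"',
    '198.51.100.9 - - [22/Feb/2023:10:03:10 +0000] "GET /geoserver/topp/ows?SERVICE=wfs&REQUEST=GetFeature&typeName=topp:states HTTP/1.1" 200 9021 "-" "QGIS/3.28"',
    '203.0.113.7 - - [22/Feb/2023:10:05:00 +0000] "GET /geoserver/web/ HTTP/1.1" 200 3300 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    "this line is not in combined format",
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("WFS hits by client IP:", dict(summary["by_ip"]))
    print("WFS hits by User-Agent:", dict(summary["by_ua"]))
```

A crawler User-Agent in the `by_ua` output is the signal to care about: it means the WFS endpoint is reachable from the public internet and will be indexed, so if the instance is still unpatched it should be restricted (or the service disabled) rather than left to be found.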
Now, you're probably thinking: okay, I will use this dork, but I want to use it for my target, and I have a list of hosts and subdomains; it would be hard if I checked each one manually! Don't worry, I got you!
Introducing my Automation Script for this Vulnerability!! I made this one today itself!
You can find the repository on my GitHub. I've explained how you can install the tool and use it. It can give accurate outputs! And let me tell you, NO! You're not gonna get dozens of false positives!! I made the tool in such a way that it will not give many false positives. In 90% of cases it's gonna give a true positive! Sounds amazing, right? I hope so! This is my first repo and tool; I haven't made any tool until now. So, if you like it, do star it!
But, but.. wait, my tool is not gonna give you an exploit. It's just gonna give you the location of the directory. For exploitation of this vuln, you need to use @win3zz's script or @RitikChaddha's Nuclei template!
That’s it for this blog guys! It was a short one! Hope you liked it! Now go and smash those bugs! Good luck hacker!
Socials:
Twitter: https://twitter.com/0x2458/
BuyMeACoffee: https://buymeacoffee.com/0x2458/
Bonus!!
Here comes the bonus part! Okay, so listen carefully.. I'm gonna provide mentorship to 2 of my readers!! Want to participate? Just DM me on Twitter. I'll look at your skills, knowledge, thinking and attitude and will decide who the winner is! (It'll be fine if you're a complete beginner 🙂) Good luck!