CVE-2021-26295

Description

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-26295
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-26295

Refrence: Project Discovery GitHub

yumusb

Refrence: GitHub

rakjong

CVE-2021-26295 Apache OFBiz rmi反序列化POC

Refrence: GitHub

dskho

CVE-2021-26295 EXP 可成功反弹Shell

Refrence: GitHub

coolyin001

CVE-2021-26295-POC 利用DNSlog进行CVE-2021-26295的漏洞验证。使用 poc：将目标放于target.txt后运行python poc.py即可。（Jdk环境需<12，否则ysoserial无法正常生成有效载荷） exp：python exp.py https://baidu.com然后进入命令执行界面（无回显）

Refrence: GitHub

S0por

Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

Refrence: GitHub

yuaneuro

CVE-2020-9496和CVE-2021-26295利用dnslog批量验证漏洞poc及exp

Refrence: GitHub

Content on GitHub

TheTh1nk3r | watchers:16

exp_hub
漏洞复现与poc收集，CVE-2021-21975，cve-2021-22005，CVE-2021-26295，VMware vCenter任意文件读取

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub