Exploit for Ignite Realtime Openfire <4.42 - Local File Inclusion (CVE-2019-18393)

Description:

Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
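The missing check described above, sketched as a containment test in Java. This is an added example, not code from Openfire or from the linked pull request; the class name, the helper resolveUnderHome and the temp-directory layout are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class HomeContainment {

    // Hypothetical helper: map a request-supplied relative path to a file that must stay under `home`.
    static Path resolveUnderHome(Path home, String requested) throws IOException {
        Path base = home.toRealPath();                       // canonical base, symlinks resolved
        String rel = requested.replace('\\', '/');           // treat both separators alike
        Path candidate = base.resolve(rel).normalize();      // collapses "." and ".." segments
        // Path.startsWith compares whole name elements, so /x/openfire-old is not "under" /x/openfire.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("outside home: " + requested);
        }
        if (Files.exists(candidate)) {
            Path real = candidate.toRealPath();              // follow symlinks, then re-check
            if (!real.startsWith(base)) {
                throw new SecurityException("symlink escapes home: " + requested);
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temp directory; no real Openfire install is touched.
        Path tmp = Files.createTempDirectory("demo");
        Path home = Files.createDirectories(tmp.resolve("openfire"));
        Files.createDirectories(home.resolve("plugins/demo"));
        Files.writeString(home.resolve("plugins/demo/readme.html"), "ok");
        Files.createDirectories(tmp.resolve("openfire-old"));

        String[] requests = {                                // constructed inputs
            "plugins/demo/readme.html",
            "plugins/demo/../../../openfire-old/x",
            "plugins\\demo\\..\\..\\..\\outside.txt",
            "/etc/hostname",
        };
        for (String r : requests) {
            try {
                Path p = resolveUnderHome(home, r);
                System.out.println("ALLOW " + r + " -> " + home.toRealPath().relativize(p));
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```

Only the first request is allowed; comparing raw strings with a prefix test instead of Path.startsWith would wrongly accept the sibling directory openfire-old.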

Nuclei Template

View the template here: CVE-2019-18393.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-18393.yaml

References:

https://github.com/igniterealtime/Openfire/pull/1498
https://github.com/Elsfa7-110/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2019-18393
https://swarm.ptsecurity.com/openfire-admin-console/
https://github.com/ARPSyndicate/kenzer-templates