{"vulnerability": "CVE-2023-32315", "sightings": [{"uuid": "a93a6db9-55e4-4869-847b-be90ce39eb0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-08-24T18:10:02.000000Z"}, {"uuid": "c823aeff-3bb0-4a32-89cc-7afaf469f340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971872", "content": "", "creation_timestamp": "2024-12-24T20:35:04.809319Z"}, {"uuid": "6dff338e-630b-4434-833e-2bc5dd567c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "3d7b059b-7704-413d-9463-aaeb28559d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:45.000000Z"}, {"uuid": "2e4d70be-83dd-49ef-8cd0-1e737df32d10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:53.000000Z"}, {"uuid": "9ba371b8-03c6-4906-be8e-a8280e921cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb", "content": "", "creation_timestamp": "2023-07-18T23:40:14.000000Z"}, {"uuid": "e9fc0d66-0c2e-41bc-a8af-197a26b08051", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "f3d2f3db-5382-4c4d-9fbd-822eebc21b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "MISP/4ad9ed67-5cc3-5de2-849d-1a1910431785", "content": "", "creation_timestamp": "2025-09-09T11:33:07.000000Z"}, {"uuid": "1c43ab21-0150-459e-bfd0-947fb18efa32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b5d080f8-4eac-404f-884e-120f53241976", "content": "", "creation_timestamp": "2026-02-02T12:26:51.819969Z"}, {"uuid": "a80fda73-fbf7-4b01-ba85-365027c03c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "Telegram/mhxkLegikJu7syAQ-topaxjK7UZED4kUzp87E1-mVUTqL1w", "content": "", "creation_timestamp": "2023-07-13T12:34:12.000000Z"}, {"uuid": "47aadb60-b376-433f-bfbc-c3b04c43c94c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "Telegram/f1xIU64BPtqCo4e41cDGT7tZSg0C7tQkRZ1CwemdWGzLseM", "content": "", "creation_timestamp": "2025-12-21T09:00:05.000000Z"}, {"uuid": "e84f1f40-1f25-49f1-966e-f77310ab8282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "Telegram/O1ZalrnhHxYznvMcmxUbyoFGlSwn-ftcOEc78LO95gjX88E", "content": "", "creation_timestamp": "2023-07-13T12:31:47.000000Z"}, {"uuid": "58f91536-c423-4aaf-ab5d-4b553acf99cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/cKure/11618", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2023-32315 | Hackers actively exploiting Openfire flaw to encrypt servers.\n\nhttps://www.bleepingcomputer.com/news/security/hackers-actively-exploiting-openfire-flaw-to-encrypt-servers/", "creation_timestamp": "2023-09-27T14:33:54.000000Z"}, {"uuid": "f97e27d1-165e-4d5c-9958-dcbb7a13029a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5475", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aOpenfire Console Authentication Bypass Vulnerability with RCE plugin\nURL\uff1ahttps://github.com/miko550/CVE-2023-32315\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-10-18T00:54:16.000000Z"}, {"uuid": "414e61b5-54c0-48fa-84e2-6726c0fd69a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4705", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-32315-Openfire-Bypass\nURL\uff1ahttps://github.com/izzz0/CVE-2023-32315-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-07T07:54:58.000000Z"}, {"uuid": "48e0e431-57ed-477e-99d8-da517af544d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5344", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aOpenfire\u672a\u6388\u6743\u5230RCE(CVE-2023-32315)\u590d\u73b0\nURL\uff1ahttps://github.com/CN016/Openfire-RCE-CVE-2023-32315-\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-10-10T08:59:27.000000Z"}, {"uuid": "f88e49d0-55b4-48de-bb6f-7abc10ac0b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5050", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aScanner for CVE-2023-32315.py\nURL\uff1ahttps://github.com/gibran-abdillah/CVE-2023-32315\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-31T08:51:00.000000Z"}, {"uuid": "2dacff7d-65c2-4e56-8ccf-aed61d74caa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6196", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA PoC exploit for CVE-2023-23752 - Openfire Authentication Bypass\nURL\uff1ahttps://github.com/K3ysTr0K3R/CVE-2023-32315-EXPLOIT\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-15T17:41:28.000000Z"}, {"uuid": "7e98778a-051c-40ca-aaac-a8645ef523f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/688", "content": "Exploitation of Openfire CVE-2023-32315\nhttps://youtu.be/VUGG1rCDVMY?feature=shared", "creation_timestamp": "2023-08-25T08:53:25.000000Z"}, {"uuid": "46f7b633-e189-430c-87a1-62cb490a3f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/ics_cert/1099", "content": "\u0628\u0647 \u06af\u0641\u062a\u0647 VulnCheck\u060c \u0628\u06cc\u0634 \u0627\u0632 3000 \u0633\u0631\u0648\u0631 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u062c\u062f\u06cc\u062f \u0628\u0631\u0627\u06cc \u0648\u0635\u0644\u0647\u200c\u0634\u062f\u0647 CVE-2023-32315 \u062f\u0631 \u0645\u0639\u0631\u0636 \u062e\u0637\u0631 \u062d\u0645\u0644\u0627\u062a \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u0646\u062f.\n\nOpenfire \u06a9\u0647 \u062a\u0648\u0633\u0637 Ignite Realtime \u0627\u0631\u0627\u0626\u0647 \u0645\u06cc \u0634\u0648\u062f\u060c \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u0647\u0645\u06a9\u0627\u0631\u06cc \u0628\u0644\u0627\u062f\u0631\u0646\u06af \u0628\u06cc\u0646 \u067e\u0644\u062a\u0641\u0631\u0645\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0632\u0628\u0627\u0646 \u062c\u0627\u0648\u0627 \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0648 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u067e\u0631\u0648\u062a\u06a9\u0644 XMPP \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0631\u0627\u0628\u0637 \u0648\u0628 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u06cc \u0634\u0648\u062f.\n\n\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u062f\u0631 Openfire Administration Console \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0645\u062d\u06cc\u0637 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0628\u0647 \u0635\u0641\u062d\u0627\u062a \u0645\u062d\u062f\u0648\u062f \u0634\u062f\u0647 \u062f\u0631 \u06a9\u0646\u0633\u0648\u0644 \u0645\u062f\u06cc\u0631\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0639\u062f\u0645 \u0645\u062d\u0627\u0641\u0638\u062a Openfire \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc URL \u063a\u06cc\u0631 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u062e\u0627\u0635 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc UTF-16 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u0648\u0628 \u0633\u0631\u0648\u0631 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0646\u0645\u06cc \u0634\u0648\u062f - \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0628\u062f\u0648\u0646 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u062d\u0641\u0627\u0638\u062a \u0627\u0636\u0627\u0641\u0647 \u0634\u062f.\n\n\u0647\u0645\u0647 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc Openfire \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u0646\u062f\u060c \u0627\u0632 \u0646\u0633\u062e\u0647 3.10.0 \u06a9\u0647 \u062f\u0631 \u0622\u0648\u0631\u06cc\u0644 2015 \u0645\u0646\u062a\u0634\u0631 \u0634\u062f \u0648 \u0628\u0627 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 4.7.5 \u0648 4.6.8 \u06a9\u0647 \u062f\u0631 \u0645\u06cc 2023 \u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0646\u062a\u0634\u0631 \u0634\u062f \u060c \u067e\u0627\u06cc\u0627\u0646 \u0645\u06cc\u200c\u06cc\u0627\u0628\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u06cc\u0634 \u0627\u0632 \u062f\u0648 \u0645\u0627\u0647 \u062f\u0631 \u062d\u0645\u0644\u0627\u062a \u0645\u062e\u0631\u0628 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a.\n\n\u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u062d\u0633\u0627\u0628\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u06cc \u06a9\u0646\u0633\u0648\u0644 \u0645\u062f\u06cc\u0631\u06cc\u062a \u062c\u062f\u06cc\u062f\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0646\u0635\u0628 \u0627\u0641\u0632\u0648\u0646\u0647\u200c\u0627\u06cc \u0628\u0627 \u067e\u0648\u0633\u062a\u0647 \u0648\u0628 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0622\u0646\u0647\u0627 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f \u0648 \u0628\u0647 \u0647\u0631 \u062f\u0627\u062f\u0647\u200c\u0627\u06cc \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u0646\u062f.\n\n\u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062a\u0627 \u0628\u0647 \u0627\u0645\u0631\u0648\u0632 \u06a9\u0647 CVE-2023-32315 \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u0646\u062f\u060c \u0647\u0645\u06af\u06cc \u06cc\u06a9 \u0637\u0631\u062d \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u0646\u062f.\n\n\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c VulnCheck \u06cc\u06a9 \u0646\u0648\u0639 \u062c\u062f\u06cc\u062f \u0627\u0632 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0631\u0627 \u06a9\u0634\u0641 \u06a9\u0631\u062f \u06a9\u0647 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0627\u06cc\u062c\u0627\u062f \u062d\u0633\u0627\u0628 \u0645\u062f\u06cc\u0631 \u0646\u062f\u0627\u0631\u062f.\n\n\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0645\u062d\u0642\u0642\u0627\u0646 \u0628\u06cc\u0634 \u0627\u0632 6300 \u0633\u0631\u0648\u0631 Openfire \u0631\u0627 \u062f\u0631 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0631\u062f\u0646\u062f \u06a9\u0647 \u062d\u062f\u0648\u062f 50 \u062f\u0631\u0635\u062f \u0627\u0632 \u0633\u0631\u0648\u0631\u0647\u0627 \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0631\u062f\u0646\u062f.\n\n\u0627\u0632 \u0622\u0646\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u06cc \u06a9\u0647 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0646\u0642\u0637\u0647 \u067e\u0627\u06cc\u0627\u0646\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u067e\u0644\u0627\u06af\u06cc\u0646 \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0627\u0641\u0632\u0648\u0646\u0647 \u0631\u0627 \u0645\u0633\u062a\u0642\u06cc\u0645\u0627 \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0631\u062f\u0647 \u0648 \u0633\u067e\u0633 \u0628\u0647 \u067e\u0648\u0633\u062a\u0647 \u0648\u0628 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0647\u0645\u0686\u0646\u06cc\u0646 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a.\n\n\u0627\u06cc\u0646 \u0631\u0648\u06cc\u06a9\u0631\u062f \u0647\u06cc\u0686 \u0627\u062b\u0631\u06cc \u0627\u0632 \u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u062f\u0631 \u06af\u0632\u0627\u0631\u0634 \u0647\u0627\u06cc \u0645\u0645\u06cc\u0632\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0627\u0642\u06cc \u0646\u0645\u06cc \u06af\u0630\u0627\u0631\u062f \u0648 \u0627\u0632 \u062b\u0628\u062a \u0627\u0639\u0644\u0627\u0646 \u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u0641\u0632\u0648\u0646\u0647 \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u0634\u062f\u0647 \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0645\u06cc \u06a9\u0646\u062f.\n\n\u062f\u0631 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u0641\u0639\u0627\u0644\u06cc\u062a \u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062f\u0631 openfire.log \u0642\u0627\u0628\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u0628\u0631\u0627\u06cc \u062d\u0630\u0641 \u06af\u0632\u0627\u0631\u0634 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u067e\u0648\u0633\u062a\u0647 \u0648\u0628 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f \u0648 \u062e\u0648\u062f \u0627\u0641\u0632\u0648\u0646\u0647 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062a\u0646\u0647\u0627 \u0646\u0634\u0627\u0646\u06af\u0631 \u0633\u0627\u0632\u0634 \u0628\u0627\u0642\u06cc \u0628\u06af\u0630\u0627\u0631\u062f.\n\n\u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u0645\u062d\u0642\u0642\u0627\u0646 \u062e\u0627\u0637\u0631\u0646\u0634\u0627\u0646 \u0645\u06cc \u06a9\u0646\u0646\u062f\u060c \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0642\u0628\u0644\u0627\u064b \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u0633\u062a\u060c \u0627\u062d\u062a\u0645\u0627\u0644\u0627\u064b \u062d\u062a\u06cc \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0628\u0627\u062a \u0646\u062a \u0645\u0639\u0631\u0648\u0641\u060c \u0648 \u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0641\u0631\u0627\u0648\u0627\u0646 \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0634\u0628\u06a9\u0647\u060c \u0641\u0631\u0636 \u0645\u06cc \u0634\u0648\u062f \u06a9\u0647 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u062f\u0631 \u0622\u06cc\u0646\u062f\u0647 \u0627\u062f\u0627\u0645\u0647 \u062e\u0648\u0627\u0647\u062f \u062f\u0627\u0634\u062a.\n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33\n\u06af\u0631\u0648\u0647 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ICSCERT_IR", "creation_timestamp": "2025-04-11T16:31:53.000000Z"}, {"uuid": "b78a2fca-bc6d-48a7-8128-ae9e6cad3466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/271", "content": "\u0648\u0642\u062a\u06cc \u06af\u0641\u062a\u0647 \u0645\u06cc\u0634\u0647 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u062c\u0627\u0628\u0631 \u0647\u0645 \u0645\u0634\u06a9\u0644\u0627\u062a \u062e\u0648\u062f\u0634\u0648\u0646 \u0631\u0648 \u062f\u0627\u0631\u0646 \u0627\u06cc\u0646\u0647\nCVE-2023-32315\nhttp://localhost:9090/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp\nhttps://github.com/advisories/GHSA-gw42-f939-fhvm", "creation_timestamp": "2023-05-29T11:08:45.000000Z"}, {"uuid": "38da8ee8-ebe8-4037-8993-23c1a30ea066", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/BleepingComputer/17904", "content": "Latest news and stories from BleepingComputer.com\nOver 3,000 Openfire servers vulnerable to takover attacks\n\nThousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts. [...]", "creation_timestamp": "2023-08-23T22:24:07.000000Z"}, {"uuid": "b7f80308-e43c-4b96-bc2d-ab9ca1c160b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/BleepingComputer/17900", "content": "\u200aOver 3,000 Openfire servers vulnerable to takover attacks\n\nThousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts. [...]\n\nhttps://www.bleepingcomputer.com/news/security/over-3-000-openfire-servers-vulnerable-to-takover-attacks/", "creation_timestamp": "2023-08-23T22:17:42.000000Z"}, {"uuid": "dfaa9241-7c1e-4da9-9235-5585dc672532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "Telegram/jHwfzAhuXE7Ge4gghiguuIpLe5vUUTovG_Zsj0zyiHgb", "content": "", "creation_timestamp": "2023-09-25T15:25:20.000000Z"}, {"uuid": "f29a7a63-e2e2-4f7c-acd4-7eda41205a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "Telegram/3XN12dEiV8JfAZm8nYijw17IG6AtlTmywEEnqtFHAlEyBA", "content": "", "creation_timestamp": "2023-08-24T11:34:25.000000Z"}, {"uuid": "15735095-2eb4-4824-b349-ba9bf7cdbcab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "https://t.me/KomunitiSiber/697", "content": "Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw\nhttps://thehackernews.com/2023/08/thousands-of-unpatched-openfire-xmpp.html\n\nThousands of\u00a0Openfire XMPP servers\u00a0are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a\u00a0new report\u00a0from VulnCheck.\nTracked as\u00a0CVE-2023-32315\u00a0(CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire's administrative console that could permit an unauthenticated attacker to access otherwise restricted", "creation_timestamp": "2023-08-24T11:26:12.000000Z"}, {"uuid": "428aba7a-e18d-4deb-8d98-a154ec4df570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "Telegram/hc2dIHHMpdUSQ5y3pkUagEIur6hOtLIqyI8eVnWVLdzw", "content": "", "creation_timestamp": "2023-09-25T20:26:56.000000Z"}, {"uuid": "cb29881d-fc1a-4b7f-b888-47ddeb710fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "Telegram/iKZC9S3luWej7tbCHfMOUopQAEtDNRlIo0z1FYRa63nc", "content": "", "creation_timestamp": "2023-09-25T18:23:31.000000Z"}, {"uuid": "149439e5-1132-4147-aab9-e2e87ef8ec23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3086", "content": "CVE2023-1829\n\nThe exploitation is tested on Ubuntu22.04 official source code 5.15.0-25.25\n\nhttps://github.com/lanleft/CVE2023-1829\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34830\n\ni-doit Open v24 and below are vulnerable to Reflected XSS vulnerability. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.\n\nhttps://github.com/leekenghwa/CVE-2023-34830---Reflected-XSS-found-in-I-doit-Open-v24-and-below\n\n#cve #cybersecurity #infosec\n\nEvilCrowRF + Flipper Zero\n\nThis firmware is an alternative to the EvilCrowRF default firmware. Module: CC1101 - Compatible Flipper Zero file.\n\nhttps://github.com/h-RAT/EvilCrowRF_Custom_Firmware_CC1101_FlipperZero\n\n#infosec #pentesting #redteam\n\n\u200b\u200bConan \n\nHelping you delete your old accounts.\n\nhttps://github.com/Nenaff/Conan\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32315\n\nOpenfire Bypass\n\nhttps://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass\n\n#cve #cybersecurity #infosec\n\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-06-18T11:04:58.000000Z"}, {"uuid": "aecc67ed-f8e9-4aac-afdf-78f896b51c45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3072", "content": "Tools - Hackers Factory \n\nLink-X \n\nA Hack-Via-Link ToolKit. Including: Camera, Voice, Location Etc*4\n\nhttps://github.com/Toxic-Noob/Link-X\n\n#infosec #pentesting #redteam\n\nStorm-Breaker\n\nSocial engineering tool [Access Webcam & Microphone & Location Finder] With Python.\n\nhttps://github.com/ultrasecurity/Storm-Breaker\n\n#infosec #pentesting #redteam\n\njsFinder\n\nA command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file (e.g., src, href, data-main, etc.) and extracts the URLs of the files to a text file. The tool is designed to be simple to use, and it supports reading URLs from a file or from standard input.\n\nhttps://github.com/kacakb/jsfinder\n\n#infosec #pentesting #bugbounty\n\nCVE-2023-32315\n\nAdministration Console authentication bypass in openfire xmppserver.\n\nhttps://github.com/advisories/GHSA-gw42-f939-fhvm\n\n#cve #cybersecurity #infosec\n\nCrowdSec\n\nThe open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.\n\nhttps://github.com/crowdsecurity/crowdsec\n\n#cybersecurity #infosec\n\nLookyloo \n\nLookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.\n\nhttps://github.com/Lookyloo/lookyloo\n\n#cybersecurity #infosec #pentesting\n\n\ud83e\udd96Velociraptor Docker\n\nDocker image for Velocidex Velociraptor.\n\nhttps://github.com/weslambert/velociraptor-docker\n\n#infosec #pentesting #bugbounty\n\nGato\n\nGitHub Attack Toolkit is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization.\n\nhttps://github.com/praetorian-inc/gato\n\n#cybersecurity #infosec #pentesting\n\nOSINT QuickStart\n\nIncludes quick start guides for #Shodan and Censys #OSINT search engines.\n\nhttps://github.com/utilsec/osint\n\n#cybersecurity #infosec\n\nCookie-Graber-BOF\n\nC or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for #CobaltStrike.\n\nhttps://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF\n\n#infosec #pentesting #redteam\n\nGeacon\n\nPractice Go programming and implement #CobaltStrike's Beacon in Go\n\nhttps://github.com/darkr4y/geacon\n\n#infosec #pentesting #redteam\n\nRepeaterSearch\n\nThis #burpsuite plugin adds a search bar to Repeater that allows you to search Requests and/or Responses for a string. Regex is also supported.\n\nhttps://github.com/Static-Flow/RepeaterSearch\n\n#infosec #infosec #bugbounty\n\nPractical Windows Forensics\n\nA quick DIY approach for performing a digital forensic analysis on a Windows 10 system.\n\nhttps://github.com/bluecapesecurity/PWF\n\n#cybersecurity #infosec #forensic\n\nOWASP Domain Protect\n\nPrevent subdomain takeover...\n\nhttps://github.com/domain-protect/domain-protect\n\n#cybersecurity #infosec\n\nawesome-oracle-manipulation\n\nAwesome list of all things oracle manipulation. Creating to help spread a better understanding of oracles and oracle manipulation.\n\nhttps://github.com/0xcacti/awesome-oracle-manipulation\n\n#cybersecurity #infosec\n\nCheckov\n\nPrevent #cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.\n\nhttps://github.com/bridgecrewio/checkov\n\n#cybersecurity #infosec\n\namd-lm32-smu-exploit\n\nGeneric #exploit for all version 7 (maybe others) LM32-based AMD SMU's used in APUs (and probably works on GPUs too)\n\nhttps://github.com/jevinskie/amd-lm32-smu-exploit\n\n#cybersecurity #infosec\n\nGretchen\n\nCisco TCL tool to stop Responder attacks.\n\nhttps://github.com/c4s73r/Gretchen\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-30T15:18:17.000000Z"}, {"uuid": "f3235c7c-87d8-4d55-91dd-0ca0d89ef3fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1694", "content": "Exploitation of Openfire CVE-2023-32315\nFull WriteUp\nOpenfire-Bypass exploit", "creation_timestamp": "2023-08-22T22:08:58.000000Z"}, {"uuid": "34e7c521-f2f4-458e-aff0-7369e0f1c80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1546", "content": "CVE-2023-32315\nopenfire xmppserver \nAdministration Console authentication bypass\n\npath traversal - \u0442\u043e\u043b\u044c\u043a\u043e \u0432 UTF-16 \nhttp://localhost:9090/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp\n\n\u0410 \u043a\u0442\u043e \u0432\u043e\u043e\u0431\u0449\u0435 \u0432 \u0437\u0434\u0440\u0430\u0432\u043e\u043c \u0443\u043c\u0435, \u043f\u043e\u0441\u043b\u0435 \u0438\u043d\u0441\u0442\u0430\u043b\u043b\u0430 \u0434\u0435\u0440\u0436\u0438\u0442 \u043f\u0430\u043f\u043a\u0443 setup \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 ? \nread\n\n#jabber", "creation_timestamp": "2023-05-29T08:24:40.000000Z"}, {"uuid": "d59b1305-6973-42f1-b6a9-1eb949757ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "Telegram/6wovPbMsAsvhboKDczEbAGs11dP27buMhrAkJq8ScHBORQ", "content": "", "creation_timestamp": "2023-08-23T04:58:40.000000Z"}, {"uuid": "12040c44-8aea-4200-b411-30e01d8275f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/831", "content": "CVE-2023-32315 : Openfire xmppserver Administration Console -  authentication bypass\nPOC : https://github.com/Pari-Malam/CVE-2023-32315\nPOC : https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass", "creation_timestamp": "2023-08-17T14:30:17.000000Z"}, {"uuid": "90d4ea67-a076-4947-9055-0f900dc8d416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "Telegram/lkClufF-GFiKfd1u8hBBFNIpsNZxzvyNF6UElFxMqURbP0g", "content": "", "creation_timestamp": "2023-07-24T16:23:05.000000Z"}, {"uuid": "202bc33e-ae6e-41a5-9b06-c9f57d48f17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4173", "content": "\ud83d\udd30Untun - Tunnel Your Local HTTP(s) Server To The World : https://system32.ink/untun-tunnel-your-local-https-server-to-the-world/\n\n\ud83d\udc40Eyes - OSINT Tool To Get Existing Accounts From An Email : https://system32.ink/eyes-osint-tool-to-get-existing-accounts-from-an-email/\n\n\ud83e\uddd1\u200d\ud83c\udf93Cetus Legal NZ Data Leak : https://system32.ink/cetus-legal-nz-data-leak/\n\n\ud83d\udd25Openfire CVE-2023-32315 Exploit : https://system32.ink/openfire-cve-2023-32315-exploit/\n\n\u26f9\ufe0fTuttur.com Turkey Sports Data Leak : https://system32.ink/tuttur.com-turkey-sports-data-leak/\n\n\ud83e\uddd1\u200d\ud83d\udcbbProtemps Employment Services Pte Ltd Data Leak : https://system32.ink/protemps-employment-services-pte-ltd-data-leak/\n\n\ud83d\udca9Institute of Space Technology (IST) Porkistan Data Leak : https://system32.ink/institute-of-space-technology-ist-porkistan-data-leak/", "creation_timestamp": "2023-08-23T04:57:49.000000Z"}, {"uuid": "f4fb8030-8f40-4fa7-9c9a-0e2be5fd472d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/true_secator/4902", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Dr.Web \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442, \u0447\u0442\u043e \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Openfire \u0432 \u0430\u043a\u0442\u0430\u0445 \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u043e\u0432.\n\nOpenfire \u2014 \u044d\u0442\u043e \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 XMPP \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Java \u0441 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 9 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430\u043c\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043e\u043a \u0438 \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0445 \u043c\u0435\u0436\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u044b\u0445 \u0447\u0430\u0442\u043e\u0432.\n\nCVE-2023-32315 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Openfire, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u043e\u0432\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b Java (\u0444\u0430\u0439\u043b\u044b JAR), \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b GET \u0438 POST.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Openfire \u043e\u0442 3.10.0, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 2015 \u0433\u043e\u0434\u0430, \u0434\u043e 4.6.7 \u0438 \u043e\u0442 4.7.0 \u0434\u043e 4.7.4.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.6.8, 4.7.5 \u0438 4.8.0 \u0435\u0449\u0435 \u0432 \u043c\u0430\u0435 2023 \u0433\u043e\u0434\u0430, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u043a \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2023 \u0433\u043e\u0434\u0430 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 3000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Openfire, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0441\u043b\u0443\u0447\u0430\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Dr. Web \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 \u0438\u044e\u043d\u0435 2023 \u0433\u043e\u0434\u0430 \u0432 \u0445\u043e\u0434\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 ransomnware, \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2023-32315 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 Openfire, \u0432\u043e\u0448\u043b\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u0430 JAR, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u043b \u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b \u0432 POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0435 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 Java \u043a\u043e\u0434.\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 JAVA-\u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 Dr. Web, \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0438: helloworld-openfire-plugin-assembly.jar, Product.jar \u0438 bookmarks-openfire-plugin-assembly.jar.\n\n\u0414\u0430\u043b\u0435\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0438 Dr. Web \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u0440\u0443\u0433\u0438\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0442\u0440\u043e\u044f\u043d\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a - \u0442\u0440\u043e\u044f\u043d \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442 \u043d\u0430 \u0431\u0430\u0437\u0435 Go, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a Kinsing.\n\n\u0415\u0433\u043e \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c OpenfireSupport, \u0430 \u0437\u0430\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c plugin.jar, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u0442 \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043c\u0430\u0439\u043d\u0435\u0440\u0430 \u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0435\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440.\n\n\u0412 \u0434\u0440\u0443\u0433\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u043c\u0435\u0441\u0442\u043e \u043d\u0435\u0433\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440 \u043d\u0430 \u0431\u0430\u0437\u0435 C, \u0443\u043f\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 UPX, \u0441\u043b\u0435\u0434\u0443\u044f \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f.\n\n\u0422\u0440\u0435\u0442\u0438\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u0430\u0442\u0430\u043a\u0438, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438, \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u0430 Openfire \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 (\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f\u0445, IP-\u0430\u0434\u0440\u0435\u0441\u0430\u0445, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u044f\u0434\u0440\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b).\n\n\u0412 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 Dr. Web \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0430 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0430 \u0447\u0435\u0442\u044b\u0440\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2023-32315. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c, \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.", "creation_timestamp": "2023-09-27T19:20:05.000000Z"}, {"uuid": "a2d288b7-9a44-4657-b5f5-728513db82ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1089", "content": "Successive / repetition\nCVE-2023-27532 : Veeam Backup and Replication\nPOC : https://github.com/horizon3ai/CVE-2023-27532\nPOC : https://github.com/sfewer-r7/CVE-2023-27532\nCVE-2023-32315 : Openfire\nPOC : https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass\nCVE-2021-21974 & CVE-2020-3992: VMware ESXi OpenSLP\n1 : https://straightblast.medium.com/my-poc-walkthrough-for-cve-2021-21974-a266bcad14b9\n2 : https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/\n3 : https://www.zerodayinitiative.com/blog/2021/3/1/cve-2020-3992-amp-cve-2021-21974-pre-auth-remote-code-execution-in-vmware-esxi\nPOC : https://github.com/Shadow0ps/CVE-2021-21974\nPOC : https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2021-21974.py", "creation_timestamp": "2024-05-09T11:31:16.000000Z"}, {"uuid": "4e1af5a7-2008-4dcb-8340-0b7360e9a047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/true_secator/4765", "content": "\u0411\u043e\u043b\u0435\u0435 3000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c VulnCheck, \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044e\u0442\u0441\u044f \u0440\u0438\u0441\u043a\u0443 \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u043e\u0432\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 CVE-2023-32315.\n\nOpenfire, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0439 Ignite Realtime, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 Java, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b XMPP \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Openfire \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u043f\u0443\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u0440\u0435\u0434\u0443 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u043c \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438\u00a0\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0432 Openfire \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0438 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0434\u043b\u044f \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 UTF-16, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c - \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0431\u044b\u043b\u0430 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u0431\u0435\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Openfire, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 3.10.0, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2015 \u0433\u043e\u0434\u0430, \u0438 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 4.7.5 \u0438 4.6.8,\u00a0\u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c\u0438 \u0432 \u043c\u0430\u0435 2023 \u0433\u043e\u0434\u0430\u00a0\u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0431\u043e\u043b\u0435\u0435 \u0434\u0432\u0443\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432.\n\n\u0411\u044b\u043b\u043e\u00a0\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438\u00a0\u0441\u043e\u0437\u0434\u0430\u0432\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u043e\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u044e\u0431\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 CVE-2023-32315, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044e\u0442 \u043e\u0434\u043d\u0443 \u0438 \u0442\u0443 \u0436\u0435 \u0441\u0445\u0435\u043c\u0443.\n\n\u041e\u0434\u043d\u0430\u043a\u043e VulnCheck \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438\u00a0\u043d\u043e\u0432\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 6300 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Openfire \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435, \u043f\u0440\u0438\u0447\u0435\u043c \u043e\u043a\u043e\u043b\u043e 50% \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0434\u0435\u0444\u0435\u043a\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043b\u0430\u0433\u0438\u043d\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e, \u0430 \u0437\u0430\u0442\u0435\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435, \u0442\u0430\u043a\u0436\u0435 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0422\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043b\u0435\u0434\u043e\u0432 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0432 \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u0445 \u0430\u0443\u0434\u0438\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044c \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u0438\u0434\u043d\u0430 \u0432 openfire.log, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0447\u0435\u0440\u0435\u0437 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0430\u043c \u043f\u043b\u0430\u0433\u0438\u043d \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0434\u0430\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c, \u0438 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0441\u044f \u0438 \u0432 \u0431\u0443\u0434\u0443\u0449\u0435\u043c.", "creation_timestamp": "2023-08-24T09:59:15.000000Z"}, {"uuid": "c632ffd0-1ef1-4634-8314-a7f2bb753954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/thehackernews/3781", "content": "\ud83d\udd25 Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits. \n \nRead details: https://thehackernews.com/2023/08/thousands-of-unpatched-openfire-xmpp.html \n \nDon't wait \u2013 update now to prevent potential breaches.", "creation_timestamp": "2023-08-24T10:31:08.000000Z"}, {"uuid": "b38b5901-8c92-4e57-a350-848cab68fc2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8503", "content": "#exploit\n1. CVE-2023-34830:\nReflected XSS found in i-doit Open <= v.24\nhttps://github.com/leekenghwa/CVE-2023-34830---Reflected-XSS-found-in-I-doit-Open-v24-and-below\n\n2. CVE-2023-32315:\nOpenfire Bypass\nhttps://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass", "creation_timestamp": "2023-06-17T12:45:34.000000Z"}, {"uuid": "fb9e1b1a-bbc5-4763-9113-50f473612568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "exploited", "source": "https://t.me/xakep_ru/14574", "content": "\u0411\u043e\u043b\u0435\u0435 3000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Openfire \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0441\u0432\u0435\u0436\u0438\u0439 \u0431\u0430\u0433\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b VulnCheck \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0431\u043e\u043b\u0435\u0435 3000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Openfire \u0432\u0441\u0435 \u0435\u0449\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 CVE-2023-32315, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0432 \u043c\u0430\u0435 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u0433\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0442\u0438\u043f\u0430 path traversal \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\nhttps://xakep.ru/2023/08/24/openfire-bug/", "creation_timestamp": "2023-08-24T19:33:22.000000Z"}, {"uuid": "139b66f2-9817-498f-963d-47765d8db495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "seen", "source": "https://t.me/thebugbountyhunter/7693", "content": "https://vulncheck.com/blog/openfire-cve-2023-32315", "creation_timestamp": "2023-08-22T16:58:58.000000Z"}, {"uuid": "b7c10076-e059-49f6-bbfe-49c41fd22878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32315", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/943", "content": "https://youtu.be/VUGG1rCDVMY?feature=shared\nExploitation of Openfire CVE-2023-32315", "creation_timestamp": "2023-08-26T05:51:07.000000Z"}]}