{"uuid": "de65f047-63ea-43eb-8b63-a68cb9fb88d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25157", "type": "published-proof-of-concept", "source": "https://t.me/k7ali_linux/16", "content": "#sql\nCVE: CVE-2023-25157\n\n_____________________________\n\nCVE-2023-25157 - GeoServer SQL Injection - PoC\n\n_____________________________\n\n\nThis script is a proof of concept for OGC Filter SQL Injection vulnerabilities in GeoServer, a popular open-source software server for sharing geospatial data. It sends requests to the target URL and exploits potential vulnerabilities by injecting malicious payloads into the CQL_FILTER parameter. For experimental purposes, the script uses the SELECT version() SQL statement as the payload.\n\n\n\n\nSQL Injection : PoC\n\npython3 CVE-2023-25157.py \n\n\n\n\ngoogle dork : inurl:\"/geoserver/ows?service=wfs\"", "creation_timestamp": "2023-07-24T00:48:15.000000Z"}