JOIN BREACHFORUMS TELEGRAM
GeoServer: Full Exploit + Mass Scanning Utility
by Loki - Sunday August 4, 2024 at 08:03 PM
Breached
Member
Posts: 466
Threads: 262
Joined: Jan 2025
Reputation: 30
#21
Oct 01, 2024, 10:34 AM
let's run this up, thanks
Website
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Oct 2024
Reputation: 0
#22
Oct 07, 2024, 10:14 PM
(Aug 04, 2024, 08:03 PM)Loki Wrote:
GeoServer is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.
In versions of GeoServer earlier than 2.23.2, 2.23.6, versions 2.24.0 to 2.24.3, and version 2.25.0, there exists a vulnerability (CVE-2024-36401) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.
Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.

thanks for exploit
Reply
Breached
Member
Posts: 24
Threads: 2
Joined: Sep 2024
Reputation: 0
#23
Oct 08, 2024, 10:12 AM
Thx for sharing bru
Reply
Banned

Posts: 33
Threads: 0
Joined: Oct 2024
Reputation: 0
#24
Oct 12, 2024, 05:13 PM
GeoServer: Full Exploit + Mass Scanning Utility

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Jul 2023
Reputation: 0
#25
Oct 17, 2024, 08:05 PM
Great, thanks for sharing!
Reply
Banned

Posts: 33
Threads: 1
Joined: Feb 2025
Reputation: 0
#26
Mar 25, 2025, 11:17 AM
This is very useful!

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 10
Threads: 2
Joined: Apr 2026
Reputation: 0
#27
Apr 24, 2026, 04:56 AM
(Aug 04, 2024, 08:03 PM)Loki Wrote:
GeoServer is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.
In versions of GeoServer earlier than 2.23.2, 2.23.6, versions 2.24.0 to 2.24.3, and version 2.25.0, there exists a vulnerability (CVE-2024-36401) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.
Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 64 2,778 Apr 24, 2026, 05:17 AM
Last Post: p2wnz_bontensec
  CVE-2024-32002 RCE PoC HA_twck 1 372 Apr 24, 2026, 05:13 AM
Last Post: p2wnz_bontensec
  New Zer0 Day Wordpress A3g00n 78 2,765 Apr 24, 2026, 04:54 AM
Last Post: p2wnz_bontensec
  {SECRET} DATABASE OF EXPLOITS lulagain 428 24,398 Apr 24, 2026, 04:53 AM
Last Post: p2wnz_bontensec
  CVE-2025-47812 - Wing FTP Server Remote Code Execution (RCE) thermos 10 588 Apr 23, 2026, 05:15 PM
Last Post: breachaddictt

Forum Jump:


 Users browsing this forum: 1 Guest(s)