JOIN BREACHFORUMS TELEGRAM
GeoServer: Full Exploit + Mass Scanning Utility
by Loki - Sunday August 4, 2024 at 08:03 PM
Breached
Member
Posts: 466
Threads: 262
Joined: Jan 2025
Reputation: 30
#21
Oct 01, 2024, 10:34 AM
let's run this up, thanks
Website
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Oct 2024
Reputation: 0
#22
Oct 07, 2024, 10:14 PM
(Aug 04, 2024, 08:03 PM)Loki Wrote:
GeoServer is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.
In versions of GeoServer earlier than 2.23.2, 2.23.6, versions 2.24.0 to 2.24.3, and version 2.25.0, there exists a vulnerability (CVE-2024-36401) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.
Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.

thanks for exploit
Reply
Breached
Member
Posts: 24
Threads: 2
Joined: Sep 2024
Reputation: 0
#23
Oct 08, 2024, 10:12 AM
Thx for sharing bru
Reply
Banned

Posts: 33
Threads: 0
Joined: Oct 2024
Reputation: 0
#24
Oct 12, 2024, 05:13 PM
GeoServer: Full Exploit + Mass Scanning Utility

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Jul 2023
Reputation: 0
#25
Oct 17, 2024, 08:05 PM
Great, thanks for sharing!
Reply
Banned

Posts: 33
Threads: 1
Joined: Feb 2025
Reputation: 0
#26
Mar 25, 2025, 11:17 AM
This is very useful!

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 10
Threads: 2
Joined: Apr 2026
Reputation: 0
#27
Apr 24, 2026, 04:56 AM
(Aug 04, 2024, 08:03 PM)Loki Wrote:
GeoServer is an open-source Java-based software server that enables users to view, edit, and share geospatial data. It offers a versatile and efficient solution for distributing geospatial information from various sources such as GIS databases, web-based data, and personal datasets.
In versions of GeoServer earlier than 2.23.2, 2.23.6, versions 2.24.0 to 2.24.3, and version 2.25.0, there exists a vulnerability (CVE-2024-36401) that permits Remote Code Execution (RCE) by unauthenticated users. This issue arises from the unsafe evaluation of property names as XPath expressions in multiple OGC request parameters.
Exploiting this vulnerability, an attacker can send a POST request containing a malicious XPath expression, which can result in arbitrary command execution as root on the system running GeoServer.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  {SECRET} DATABASE OF EXPLOITS lulagain 440 27,395 10 hours ago
Last Post: caribou
  Dokan Pro Unauthenticated SQL Injection POC | CVSS 10 Loki 44 3,930 Yesterday, 04:45 PM
Last Post: Insulina
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 108 13,939 May 06, 2026, 05:42 PM
Last Post: nobcoderfck
  Ban Any Discord Exploit phineasfisherman 7 514 May 06, 2026, 10:16 AM
Last Post: sniperx86
  New Zer0 Day Wordpress A3g00n 81 3,476 May 05, 2026, 03:06 AM
Last Post: DirtyEra

Forum Jump:


 Users browsing this forum: 1 Guest(s)