Openfire installation
77@ubuntu129:~/repos$ wget https://github.com/igniterealtime/Openfire/releases/download/v4.4.2/openfire_4.4.2_all.deb
77@ubuntu129:~/repos$ sudo dpkg -i openfire_4.4.2_all.deb
Selecting previously unselected package openfire.
(Reading database ... 332004 files and directories currently installed.)
Preparing to unpack openfire_4.4.2_all.deb ...
Unpacking openfire (4.4.2) ...
Setting up openfire (4.4.2) ...
adduser: Warning: The home directory `/var/lib/openfire' does not belong to the user you are currently creating.
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.24) ...
77@ubuntu129:~/repos$ sudo systemctl start openfire.service
77@ubuntu129:~/repos$ tcp|grep 9090
tcp6 0 0 :::9090 :::* LISTEN 28190/java
Continue to install on the WEB interface:
Reference:
- https://www.vultr.com/docs/how-to-setup-an-openfire-xmpp-server-on-ubuntu-16-04-lts
- https://computingforgeeks.com/install-openfire-xmpp-chat-server-on-ubuntu-linux/
After the installation is complete, enter this interface:
SSRF:CVE-2019-18394
/getFavicon corresponds to the FaviconServlet class. When
entering this class, the doGet method makes an http request based on the user's host parameter.
xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java
Since the following /favicon.ico
can be used ?
as a request parameter, the request of any path is caused.
http://192.168.85.129:9090/getFavicon?host=192.168.85.129:4444/secrets.txt?a=
reference
- https://swarm.ptsecurity.com/openfire-admin-console/