MSN Password Recovery 1.30 - XML External Entity Injection

Exploit Title: MSN Password Recovery 1.30 - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2020-01-08 Vendor Homepage : https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe Tested on OS: Windows 10 + Exploit : PoC =================== 1...

MSN Password Recovery 1.30 - XML External Entity Injection Vulnerability

Exploit Title: MSN Password Recovery 1.30 - XML External Entity Injection Exploit Author: ZwX Vendor Homepage : https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe Tested on OS: Windows 10 + Exploit : PoC =================== 1 python -m SimpleHTTPServ...

HyperCam 5.5.1911.15 - XML External Entity Injection Vulnerability

Exploit Title: HyperCam 5.5.1911.15 - XML External Entity Injection Exploit Author : ZwX Exploit Date: 2019-11-16 Vendor Homepage : https://www.solveigmm.com/ Link Software : https://www.solveigmm.com/files/SolveigMMHyperCamHomeEdition55191115.exe Tested on OS: Windows 7 + Exploit : PoC...

oXygen XML Editor 21.1.1 - XML External Entity Injection Vulnerability

Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m SimpleHTTPServer 8000...

oXygen XML Editor 21.1.1 XML Injection

Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m...

XML Notepad 2.8.0.4 - XML External Entity Injection

XML Notepad 2.8.0.4 - XML External Entity Injection Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Date: 2019-11-11 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4...

Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558 Software Version: 2.3 References:...

Diving Log 6.0 - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits + Exploit Title: Diving Log 6.0 XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version...

Uber: Blind OOB XXE At "http://ubermovement.com/"

Test Summary : - POST data was set to &dtgmlf6ent; An HTTP request was initiated for the domain http://122.180.248.81/ which indicates that this script is vulnerable to XXE injection. NOTE : As it was Blind XXE Test I was Successful in Ping Test for XXE. But unable to retrieve any sensitive...