CVE-2019-9757: LabKey Server XXE

Information

Description: An XXE vulnerability exists in LabKey Server due to an outdated Java library. This allows arbitrary files to be read from the server.
Versions Affected: LabKey Server 19.1.0
Researcher: David Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9757

Proof-of-Concept Exploit

Description

The application parses SVG/XML data to render it as an image. If an external entity is used in the XML, the contents of files on the server can be rendered into the image.

Usage/Exploitation

Within LabKey Server, export a report graph as a PNG and send the contents of CVE-2019-9757.svg with the POST request.
