
CVE-2017-17762 PoC — Episerver Security Vulnerability

Associated Vulnerability
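Title: Episerver Security Vulnerability (CVE-2017-17762)
Description: EPiServer is a .NET-based web content management system and online social networking platform from the Swedish company EPiServer. An XML external entity injection vulnerability exists in EpiServer 7 patch 4 and earlier. A remote attacker can exploit it to read arbitrary files by means of a crafted DTD in an XML request.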
Description
Episerver 7 patch 4 and earlier contains an XML external entity (XXE) vulnerability caused by processing a crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, which lets remote attackers read arbitrary files. Exploitation requires sending malicious XML payloads.
File Snapshot

id: CVE-2017-17762 info: name: Episerver 7 - Blind XML External Entity Injection author: pussyc ...