CVE-2019-9757 PoC — LabKey Server Code Issue Vulnerability

Associated Vulnerability
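Title: LabKey Server Code Issue Vulnerability (CVE-2019-9757)
Description: LabKey Server is a biomedical research data repository from LabKey. The repository supports web-based querying, reporting, and collaboration across a range of data sources. A security vulnerability exists in LabKey Server version 19.1.0. An attacker can exploit it to read local files by sending an SVG file to the visualization-exportImage.view or visualization-exportPDF.view endpoint.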
Description
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.
File Snapshot

id: CVE-2019-9757 info: name: LabKey Server 19.1.0 - XML External Entity (XXE) author: ritikcha ...