CVE-2018-1000822 PoC — codelibs fess GSA XML文件解析器安全漏洞

Source

https://github.com/andikahilmy/CVE-2018-1000822-fess-vulnerable

Associated Vulnerability

Title:codelibs fess GSA XML文件解析器安全漏洞 (CVE-2018-1000822)
Description:codelibs fess是一款基于Java和Elasticsearch的搜索服务器。GSA XML是其中的一个XML解析器。 codelibs fess commit faa265b之前版本中的GSA XML文件解析器存在XML外部实体注入漏洞。攻击者可借助特制的GSA XML文件利用该漏洞泄露敏感数据，造成拒绝服务，实施服务器端请求伪造攻击或扫描端口。

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-1000822 PoC — codelibs fess GSA XML文件解析器安全漏洞

Source

Associated Vulnerability

File Snapshot

Remarks