Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-12463 PoC — Micro Focus Fortify Software Security Center 安全漏洞

Source
https://github.com/alt3kx/CVE-2018-12463
Associated Vulnerability
Title:Micro Focus Fortify Software Security Center 安全漏洞 (CVE-2018-12463)
Description:Micro Focus Fortify Software Security Center(SSC)是英国Micro Focus公司的一套软件安全管理平台。该平台能够扫描、修复安全漏洞,并自动生成报告。 Micro Focus Fortify SSC 17.1版本、17.2版本和18.1版本中存在XML外部实体注入漏洞。远程攻击者可借助XML请求中特制的DTD利用该漏洞读取任意文件或实施服务器端请求伪造攻击。
Description
XML external entity (XXE) vulnerability in /ssc/fm-ws/services in Fortify Software Security Center (SSC) 17.10, 17.20 & 18.10  (0day CVE-2018-12463)
Readme
# CVE-2018-12463
XML external entity (XXE) vulnerability in /ssc/fm-ws/services in Fortify Software Security Center (SSC) 17.10, 17.20 & 18.10 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request..

Exploit-DB publication at https://www.exploit-db.com/exploits/45027/ </br>
PacketStorm publication at https://packetstormsecurity.com/files/148539/Fortify-SSC-17.10-17.20-18.10-XXE-Injection.html

# Timeline
================</br>
2018-05-24: Discovered</br>
2018-05-25: Retest PRO environment</br>
2018-05-31: Vendor notification, two issues found</br> 
2018-05-31: Vendor feedback received</br>
2018-06-01: Internal communication</br>
2018-06-01: Vendor feedback, two issues are confirmed</br>
2018-06-05: Vendor notification, new issue found</br>
2018-06-06: Vendor feedback, evaluating High submission</br>
2018-06-08: Vendor feedback, High issue is confirmed</br>
2018-06-19: Researcher, reminder sent</br>
2018-06-22: Vendor feedback, summary of CVEs handled as official way</br>
2018-06-26: Vendor feedback, official Hotfix for High issue available to test</br>
2018-06-29: Researcher feedback</br>
2018-07-02: Researcher feedback</br>
2018-07-04: Researcher feedback, Hotfix tested on QA environment</br>
2018-07-05: Vendor feedback</br>
2018-07-09: Vendor feedback, final details to disclosure the CVE and official Hotfix availabe for customers</br>
2018-07-09: Vendor feedback, CVE and official Hotfix to be disclosure</br>
2018-07-12: Agreements with the vendor to publish the CVE/Advisory. </br>
2018-07-12: Public report</br>

# Microfocus (Fortify Product) Patch and credits: 
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563

![vendor_patch_credits_12 jul 18](https://user-images.githubusercontent.com/3140111/42652203-f2c4630e-8611-11e8-85c2-319f18bb84d7.png)

# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em><br>
My current exploit list @exploit-db: https://www.exploit-db.com/author/?a=1074 <br>
CVE-2018-12463 with sexy screens here: https://medium.com/@alt3kx
File Snapshot

 [4.0K]  /data/pocs/6ad90f9aee29844ec4e2745bcab19b4e007f83bb
├── [7.5K]  CVE-2018-12463.txt
├── [ 34K]  LICENSE
├── [5.7K]  MFSBGN03811-1.txt
└── [2.1K]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.