CVE-2022-2414 PoC — Dogtag PKI 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-2414.yaml

Associated Vulnerability

Title:Dogtag PKI 代码问题漏洞 (CVE-2022-2414)
Description:Dogtag PKI是Dogtag开源的一个企业级的开源证书颁发机构 (CA)。 Dogtag PKI 的XML解析器存在安全漏洞，该漏洞源于在分析 XML 文档时访问外部实体可能会导致 XML 外部实体（XXE）攻击。此漏洞允许远程攻击者通过发送特制的 HTTP 请求来潜在地检索任意文件的内容。

Description

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

File Snapshot


 id: CVE-2022-2414

info:
  name: FreeIPA - XML Entity Injection
  author: DhiyaneshDk
  severity: hi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!