CVE-2023-45612 PoC — JetBrains Ktor 代码问题漏洞

Source

https://github.com/bbugdigger/ktor-xxe-poc

Associated Vulnerability

Title:JetBrains Ktor 代码问题漏洞 (CVE-2023-45612)
Description:JetBrains Ktor framework是捷克JetBrains公司的一款Web应用程序框架。 JetBrains Ktor 2.3.5之前版本存在代码问题漏洞，该漏洞源于ContentNegotiation默认配置存在XML外部实体注入（XXE）漏洞。

Description

Proof-of-Concept of CVE-2023-45612

Readme

# CVE-2023-45612 Reproduction Steps

### My Versions
- **Java 17**
- **Gradle 8.14.3**
- **Python 3.13.7** (for POC script)

### Steps

```
git clone git@github.com:bbugdigger/ktor-xxe-poc.git
cd ktor-xxe-poc
.\gradlew build
.\gradlew run
```

In new tab with same folder destination run PoC script
```
python .\xxe_poc.py
```

File Snapshot


 [4.0K]  /data/pocs/ac65fb282d1f3d08fbea5dc11a516b07ce330965
├── [ 659]  build.gradle.kts
├── [4.0K]  gradle
│   ├── [1.1K]  libs.versions.toml
│   └── [4.0K]  wrapper
│       ├── [ 43K]  gradle-wrapper.jar
│       └── [ 253]  gradle-wrapper.properties
├── [  27]  gradle.properties
├── [8.5K]  gradlew
├── [2.8K]  gradlew.bat
├── [ 327]  README.md
├── [  17]  requirements.txt
├── [ 124]  settings.gradle.kts
├── [4.0K]  src
│   └── [4.0K]  main
│       ├── [4.0K]  kotlin
│       │   ├── [ 221]  Application.kt
│       │   ├── [3.9K]  Routing.kt
│       │   └── [6.7K]  Serialization.kt
│       └── [4.0K]  resources
│           ├── [ 122]  application.yaml
│           └── [ 425]  logback.xml
└── [2.0K]  xxe_poc.py

7 directories, 16 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!