I believe I have found a zero day which allows an attacker to read files of the server by uploading an XML file in the following:
Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file to perform XXE attack and read files of the server.
I used Burp Collaborator to read the files and their content, since it is a blind XXE.
Source: https://www.nopcommerce.com/boards/t/62390/xxe-version-390.aspx
Fixed with e2bba46
Thank you for fixing this so fast, some vendors don't care at all but you guys did a great job. (My CVE was accepted)
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11519 https://nvd.nist.gov/vuln/detail/CVE-2019-11519
AndreiMaz