Add a module for the recent magento XXE #6235
In short, the Zend Framework XXE vulnerability stems from an insufficient sanitisation of untrusted XML data on systems that use PHP-FPM to serve PHP applications. By using certain multibyte encodings within XML, it is possible to bypass the sanitisation and perform certain XXE attacks.
Since eBay Magento is based on Zend Framework and uses several of its XML classes, it also inherits this XXE vulnerability.
This is a straightforward port of this exploit.
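As an added example (not code from this PR or from Metasploit), the following shows why a byte-level search for the DOCTYPE string is not an adequate sanitisation: the same prologue encoded as UTF-16 slips past an ASCII substring check, but is caught once the document is decoded before inspection. The sample documents are constructed for the example.

```ruby
# Constructed sample: an ASCII document with an external entity declaration,
# and the same document encoded as UTF-16LE with a byte order mark.
ASCII_DOC = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e SYSTEM "file:///nonexistent">]><r>&e;</r>'
UTF16_DOC = ("\uFEFF" + ASCII_DOC).encode('UTF-16LE').b

# Naive filter: only looks for the ASCII bytes of the declaration, so any
# multibyte encoding of the prologue is invisible to it.
def naive_doctype_check(bytes)
  bytes.b.include?('<!DOCTYPE'.b)
end

# Guess the document encoding from the byte order mark, or from the null-byte
# pattern of an unmarked UTF-16 "<", falling back to UTF-8 (the XML spec's
# autodetection rules, which parsers such as libxml2 apply before sanitisers see text).
def detect_encoding(bytes)
  b = bytes.b
  return 'UTF-16LE' if b.start_with?("\xFF\xFE".b) || b.start_with?("<\x00".b)
  return 'UTF-16BE' if b.start_with?("\xFE\xFF".b) || b.start_with?("\x00<".b)
  'UTF-8'
end

# Encoding-aware filter: transcode to UTF-8 first, strip the BOM, then look for
# any DOCTYPE or ENTITY declaration in the decoded text.
def contains_doctype?(bytes)
  text = bytes.b.force_encoding(detect_encoding(bytes))
                .encode('UTF-8', invalid: :replace, undef: :replace)
  text = text.sub(/\A\uFEFF/, '')
  text.match?(/<!(DOCTYPE|ENTITY)\b/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "naive, ASCII:  #{naive_doctype_check(ASCII_DOC)}"   # true
  puts "naive, UTF-16: #{naive_doctype_check(UTF16_DOC)}"   # false: bypassed
  puts "aware, UTF-16: #{contains_doctype?(UTF16_DOC)}"     # true
end
```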
How to reproduce
@jvoisin Use rubocop to correct some errors in your code. :)
@jvoisin I am currently on magento 22.214.171.124, and this module doesn't work for me. Could you please take a look at that version?
Regarding the use of

```ruby
def cleanup
  super
end
```
If I'm not mistaken, since Msf::Exploit::Remote::HttpServer::HTML is included last, it should call HttpServer's cleanup, which will remove all the HTTP resources (such as registered URIs), and then that should call TcpServer's cleanup (which will call stop_service). I THINK that's how it works based on reading code.
The difference between that approach and what you currently have is that after yours calls service.stop, it does not try to remove resources right away, but when you call cleanup it should.
Oh, wait, I know what might be wrong!
This module will send you back the data on
Can my module enforce
Not so much luck, but this is how far I got: