Geonetwork 4.2.0 xml external entity (xxe) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2022-07-29 |
Type : webapps |
Platform : multiple
This exploit / vulnerability, Geonetwork 4.2.0 XML external entity (XXE), is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Geonetwork 4.2.0 - XML External Entity (XXE)
# Date: 2022-July-11
# Exploit Author: Amel BOUZIANE-LEBLOND (https://twitter.com/amellb)
# Vendor Homepage: https://geonetwork-opensource.org/
# Version: Geonetwork 3.10.X through 4.2.0
# Tested on: Microsoft Windows Server & Linux
# Description:
# GeoNetwork 3.1.x through 4.2.0
# The issue occurs while rendering a map to PDF.
# The XML parser is not configured securely to validate submitted XML documents accepted from an untrusted source, which might result in retrieval of arbitrary files from the server.