Microsoft sql server management studio 17.9 .xmla xml external entity injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-10-11 |
Type : local |
Platform : windows
This exploit / vulnerability Microsoft sql server management studio 17.9 .xmla xml external entity injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
# Date: 2018-10-10
# Author: John Page (aka hyp3rlinx)
# Website: hyp3rlinx.altervista.org
# Venodor: www.microsoft.com
# Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 (Preview 4)
# CVE: CVE-2018-8532
# References:
# http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XMLA-FILETYPE-XML-INJECTION-CVE-2018-8532.txt
# https://www.zerodayinitiative.com/advisories/ZDI-18-1132/
# https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8532
# The author was credited by the vendor (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8532)
# so this is marked as verified
# Security Issue
# This vulnerability allows remote attackers to disclose sensitive information on
# vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to
# exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
# The specific flaw exists within the handling of XMLA files. Due to the improper restriction of
# XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to
# access the URI and embed the contents back into the XML document for further processing. An attacker can leverage
# this vulnerability to disclose information in the context of the current process.