
Qlikview 11.20 SR4 Blind XXE Injection

Posted by deepcore on September 10, 2015 – 4:15 am

The Qlikview platform is vulnerable to XML External Entity (XXE) injection. More specifically, the platform is susceptible to DTD parameter injection, which is also “blind” because the server feeds back no visible response. These vulnerabilities can be exploited to force Server-Side Request Forgery (SSRF) over multiple protocols, as well as to read and extract arbitrary files from the server directly. Version 11.20 SR4 is vulnerable.
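Because a blind XXE gives no response to inspect, a defender has to catch the DTD in the request itself. The following is an added example, not code from the original post or from Qlik: a pre-parse guard that reports DTD constructs in an XML request body. The function names and both sample bodies are constructed for illustration, and it assumes a filter or proxy that can see the body before the application parses it.

```python
import xml.parsers.expat as expat


class _PrologDone(Exception):
    """Raised at the root element: a DTD cannot appear after it."""


def dtd_findings(body: bytes) -> list:
    """Return the DTD constructs found in the prolog of an XML body.

    pyexpat does not fetch external entities unless an
    ExternalEntityRefHandler is installed, so this makes no network
    or file access while inspecting the body.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append("doctype")
        if system_id is not None:
            findings.append("external DTD subset: " + system_id)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        scope = "external" if system_id is not None else "internal"
        findings.append("%s %s entity: %s" % (scope, kind, name))

    def on_start_element(name, attrs):
        raise _PrologDone()  # stop early, only the prolog matters

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    try:
        parser.Parse(body, True)
    except _PrologDone:
        pass
    except expat.ExpatError:
        findings.append("malformed XML")
    return findings


def accept(body: bytes) -> bool:
    """Accept only well-formed bodies that carry no DTD at all."""
    return not dtd_findings(body)


# Constructed sample bodies (not taken from the advisory).
BENIGN = b'<?xml version="1.0"?><request><name>report</name></request>'
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE request ['
            b'<!ENTITY % ext SYSTEM "http://example.invalid/ext.dtd">]><request/>')
```

Logging the findings list for every rejected request gives the only server-side trace of an attempt, since the response itself shows nothing.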

