CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval

Posted by deepcore on July 10, 2016 – 2:41 am

CyberPower Systems PowerPanel version 3.1.2 suffers from an unauthenticated XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xmlservice servlet using the ppbe.xml script is not sanitized while parsing the xml inquiry payload returned by the JAXB element translation.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« MS16-016 mrxdav.sys WebDav Local Privilege Escalation Microsoft Process Kill Utility 6.3.9600.17298 Buffer Overflow »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL