Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
silentrobotsSilent Robot Systems blogSILENTROBOTS:403A88E7BE195BF0DC78B8C5A050DA0C
HistoryOct 02, 2016 - 8:40 p.m.

Exploiting CVE-2016-4264 With OXML_XXE

2016-10-0220:40:40
Silent Robot Systems blog
www.silentrobots.com
430

0.805 High

EPSS

Percentile

98.3%

JSON

Recently ColdFusion was shown vulnerable to XXE based attacks in OXML documents; CVE-2016-4264. The blog post linked gives an example building the file using python; cool!

It's easy to backdoor files in a similar fashion with OXML XXE. The fastest way to do this is using the "Overwrite File inside DOCX/etc" function.

You can add any XLSX at this point, OXML_XXE ships with a sample.xlsx.

You will want to specify the XML file to overwrite; e.g. "[Content_Types.xml]". The "_rels/.rels" file is another option.

Finally add in the XML exploit. Below a Parameter Entity is used.

Click "Build" to generate and download the file. To verify that the file is sound you can view the generated file in the "List Previously Built Files" menu option.

Related

threatpost 1
seebug 2
checkpoint_advisories 1
openvas 1
cve 1
nvd 1
adobe 1
prion 1
cvelist 1
zdt 1
nessus 1
exploitpack 1
packetstorm 1
exploitdb 1
rapid7blog 1
threatpost
threatpost
Patched ColdFusion Flaw Exposes Applications to Attack
2016-09-01 09:15:50
seebug
seebug
Adobe ColdFusion < 11 Update 10 - XML external entity injection
2016-09-09 00:00:00
Adobe ColdFusion εεΊεˆ—εŒ–ζΌζ΄žοΌˆCVE-2017-3066οΌ‰
2018-03-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion OOXML XXE Information Disclosure (CVE-2016-4264)
2016-11-21 00:00:00
openvas
openvas
Adobe ColdFusion 'XML External Entity' Information Disclosure Vulnerability (APSB16-30)
2016-09-01 00:00:00
cve
cve
CVE-2016-4264
2016-09-01 23:59:00
nvd
nvd
CVE-2016-4264
2016-09-01 23:59:00
adobe
adobe
APSB16-30 Security update available for ColdFusion
2016-08-30 00:00:00
prion
prion
Xxe
2016-09-01 23:59:00
cvelist
cvelist
CVE-2016-4264
2016-09-01 23:00:00
zdt
zdt
Adobe ColdFusion < 11 Update 10 - XML External Entity Injection
2016-09-07 00:00:00
nessus
nessus
Adobe ColdFusion XML External Entity (XXE) Injection Information Disclosure (APSB16-30)
2016-08-31 00:00:00
exploitpack
exploitpack
Adobe ColdFusion 11 Update 10 - XML External Entity Injection
2016-09-07 00:00:00
packetstorm
packetstorm
Adobe ColdFusion 11 XML External Entity Injection
2016-09-07 00:00:00
exploitdb
exploitdb
Adobe ColdFusion &lt; 11 Update 10 - XML External Entity Injection
2016-09-07 00:00:00
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22

0.805 High

EPSS

Percentile

98.3%

JSON
Related for SILENTROBOTS:403A88E7BE195BF0DC78B8C5A050DA0C
threatpost1seebug2checkpoint_advisories1openvas1cve1nvd1adobe1prion1cvelist1zdt1nessus1exploitpack1packetstorm1exploitdb1rapid7blog1