.. / CVE-2013-7285

Exploit for XStream <1.4.6/1.4.10 - Remote Code Execution (CVE-2013-7285)

Description:

Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Nuclei Template

View the template here CVE-2013-7285.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2013/CVE-2013-7285.yaml

References:

https://www.mail-archive.com/[email protected]/msg00604.html
https://www.mail-archive.com/[email protected]/msg00607.html
https://blog.csdn.net/Xxy605/article/details/126297121
https://nvd.nist.gov/vuln/detail/cve-2013-7285
https://x-stream.github.io/CVE-2013-7285.html

.. / CVE-2013-7285 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for XStream <1.4.6/1.4.10 - Remote Code Execution (CVE-2013-7285)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2013-7285