.. / CVE-2018-8033

Exploit for Apache OFBiz 16.11.04 - XML Entity Injection (CVE-2018-8033)

Description:

Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection).

Nuclei Template

View the template here CVE-2018-8033.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-8033.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://lists.apache.org/thread.html/e8fb551e86e901932081f81ee9985bb72052b4d412f23d89b1282777@%3Cuser.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/e8fb551e86e901932081f81ee9985bb72052b4d412f23d89b1282777%40%3Cuser.ofbiz.apache.org%3E
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2018-8033