.. / CVE-2020-24589

Exploit for WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection (CVE-2020-24589)

Description:

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.

Nuclei Template

View the template here CVE-2020-24589.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-24589.yaml

References:

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/athiththan11/WSO2-CVE-Extractor
https://nvd.nist.gov/vuln/detail/CVE-2020-24589

.. / CVE-2020-24589 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection (CVE-2020-24589)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-24589