{"vulnerability": "CVE-2015-0250", "sightings": [{"uuid": "db6cdc92-7b45-4102-b61c-eac0783f1f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0250", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1420/", "content": "", "creation_timestamp": "2024-10-18T05:00:00.000000Z"}, {"uuid": "26ca9d2f-7cb4-46d1-ba52-a7ef02d4154e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0250", "type": "published-proof-of-concept", "source": "https://t.me/arm1tage/485", "content": "XXE\n\n\ud83e\udd281. Blind XXE with out-of-band interaction via XML parameter entities\n %xxe; ]>\n\n\n\ud83e\udd282. Exploiting blind XXE to exfiltrate data using a malicious external DTD\nObserve Submit feedback, paste xml file with the next content:\n\n\">\n%eval;\n%exfiltrate;\nCheck /product/stock page and paste the next XXE payload:\n%io7ju; ]>\n\n\n\ud83e\udd283. Exploiting blind XXE to retrieve data via error messages\nObserve Submit feedback, paste xml file with the next content:\n\n\">\n%eval;\n%error;\nCheck /product/stock page and paste the next XXE payload:\n%io7ju; ]>\nThis will referrer to localhost with our previously created file and get content of /etc/passwd via error message.\n\n\n\ud83e\udd284. Exploiting XInclude to retrieve files\n\n\n\n\n\ud83e\udd285. Exploiting XXE via image file upload\nhttps://insinuator.net/2015/03/xxe-injection-in-apache-batik-library-cve-2015-0250/\n\n\n#portswigger", "creation_timestamp": "2023-01-30T14:40:15.000000Z"}]}