module
Atlassian Crowd XML Entity Expansion Remote File Access
Disclosed | Created |
---|---|
N/A | May 30, 2018 |
Disclosed
N/A
Created
May 30, 2018
Description
This module simply attempts to read a remote file from the server using a
vulnerability in the way Atlassian Crowd handles XML files. The vulnerability
occurs while trying to expand external entities with the SYSTEM identifier. This
module has been tested successfully on Linux and Windows installations of Crowd.
vulnerability in the way Atlassian Crowd handles XML files. The vulnerability
occurs while trying to expand external entities with the SYSTEM identifier. This
module has been tested successfully on Linux and Windows installations of Crowd.
Authors
Will Caput
Trevor Hartman
Thaddeus Bogner
juan vazquez juan.vazquez@metasploit.com
Trevor Hartman
Thaddeus Bogner
juan vazquez juan.vazquez@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.