WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content
This repository was archived by the owner on Oct 1, 2020. It is now read-only.
This repository was archived by the owner on Oct 1, 2020. It is now read-only.

XML External Entity (XXE) Vulnerability in Latest Release #676

Open
Open
XML External Entity (XXE) Vulnerability in Latest Release#676
@HatBoy

Description

@HatBoy
HatBoy
opened on Mar 21, 2019

Hi, I would like to report XML External Entity (XXE) vulnerability in latest release.
Description:
XML External Entity (XXE) vulnerability in quokka/utils/atom.py 157 line and auokka/core/content/views.py 94 line, Because there is no filter authors, title.
Steps To Reproduce:
1.Create a article, title and authors can insert XML payload.
2.Open the url:
http://192.168.100.8:8000/author/{author}/index.rss
http://192.168.100.8:8000/author/{author}/index.atom
can see the title and authors has inserted into the XML.
3
4
5

author by [email protected]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions