lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM+tmNWisJ4ba8cPi7AktgmTzfNCA9Urt+2yWkaj_ShRYd2nrw@mail.gmail.com> Date: Mon, 12 Feb 2018 10:40:10 -0500 From: Ismail Doe <ismail.sec.dev@...il.com> To: fulldisclosure@...lists.org Subject: Re: [FD] SoapUI v5.3.0 Code Execution Hey, it's actually CVE-2017-16670. Could this be updated? Sorry about that. -Ismail On Tue, Feb 6, 2018 at 2:43 PM, Ismail Doe <ismail.sec.dev@...il.com> wrote: > Document Title: > =============== > SoapUI Arbitrary Code Execution via Malicious Project > > Product Description: > =============== > SoapUI is the world's most widely-used testing tool for SOAP and REST > APIs. Write, run, integrate, and automate advanced API Tests with ease. > > Homepage: https://www.soapui.org/ > > PoC: > =============== > > 1) User Imports a malicious project file that contains a request with a > malicious end point (Java code that gets executed) > 2) User submits the request > 3) Code executes > > Stack trace of code execution: > > at java.lang.ProcessBuilder.start(ProcessBuilder.java:1041) > at java.lang.Runtime.exec(Runtime.java:617) > at java.lang.Runtime.exec(Runtime.java:450) > at java.lang.Runtime.exec(Runtime.java:347) > at java_lang_Runtime$exec.call(Unknown Source) > at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCa > ll(CallSiteArray.java:45) > at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call( > AbstractCallSite.java:108) > at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call( > AbstractCallSite.java:116) > at Script3.run(Script3.groovy:1) > at com.eviware.soapui.support.scripting.groovy.SoapUIGroovyScri > ptEngine.run(SoapUIGroovyScriptEngine.java:90) > at com.eviware.soapui.model.propertyexpansion.resolvers.EvalPro > pertyResolver.doEval(EvalPropertyResolver.java:163) > at com.eviware.soapui.model.propertyexpansion.resolvers.EvalPro > pertyResolver.resolveProperty(EvalPropertyResolver.java:143) > at com.eviware.soapui.model.propertyexpansion.PropertyExpander. > expand(PropertyExpander.java:199) > at com.eviware.soapui.model.propertyexpansion.PropertyExpander. > expandProperties(PropertyExpander.java:133) > at com.eviware.soapui.impl.wsdl.WsdlRequest.submit(WsdlRequest.java:208) > at com.eviware.soapui.impl.wsdl.panels.request.AbstractWsdlRequ > estDesktopPanel.doSubmit(AbstractWsdlRequestDesktopPanel.java:141) > > > CVE-2017-1667 > > > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists