beefproject/beef

Add IE11 XXE to read local files

Open

#1,715 opened on Apr 12, 2019

View on GitHub
 (1 comment) (2 reactions) (0 assignees)JavaScript (1,992 forks)batch import
Good First IssueLowModuleSuggestion

Repository metrics

Stars
 (8,637 stars)
PR merge metrics
 (Avg merge 11h 55m) (19 merged PRs in 30d)

Description

There seem to be a XXE vulnerability in IE 11 which allows to read every local file: https://packetstormsecurity.com/files/152484/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt

would be nice to include this ;-)

Contributor guide