Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-45612 PoC — JetBrains Ktor 代码问题漏洞

Source
https://github.com/ksaweryr/CVE-2023-45612-PoC
Associated Vulnerability
Title:JetBrains Ktor 代码问题漏洞 (CVE-2023-45612)
Description:In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
Description
Proof of concept for XXE in Ktor (CVE-2023-45612)
Readme
# CVE-2023-45612 PoC

This repository contains a proof of concept (PoC) for CVE-2023-45612 which allowed XXE in the default configuration of ContentNegotiation in ktor.
The PoC is split into 2 parts:
- `server/`, containing an example of a Ktor server using an affected version of Ktor, with an endpoint susceptible to the attack
- `client/`, containing a Python script that demonstrates using the XXE vulnerability in the example server to achieve LFI

## Reproduction steps
Both the server and the client can be started by running `docker compose up` from this repository's root directory. After the server starts (might take a couple of seconds), the client will automatically perform the attack.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →