Title:Apache OFBiz 安全漏洞 (CVE-2018-8033) Description:In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
Description
Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection).
File Snapshot
id: CVE-2018-8033
info:
name: Apache OFBiz 16.11.04 - XML Entity Injection
author: pikpikcu
s
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →