Full Disclosure mailing list archives
Re: SoapUI v5.3.0 Code Execution
From: Ismail Doe <ismail.sec.dev () gmail com>
Date: Mon, 12 Feb 2018 10:40:10 -0500
Hey, it's actually CVE-2017-16670. Could this be updated? Sorry about that. -Ismail On Tue, Feb 6, 2018 at 2:43 PM, Ismail Doe <ismail.sec.dev () gmail com> wrote:
Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced API Tests with ease. Homepage: https://www.soapui.org/ PoC: =============== 1) User Imports a malicious project file that contains a request with a malicious end point (Java code that gets executed) 2) User submits the request 3) Code executes Stack trace of code execution: at java.lang.ProcessBuilder.start(ProcessBuilder.java:1041) at java.lang.Runtime.exec(Runtime.java:617) at java.lang.Runtime.exec(Runtime.java:450) at java.lang.Runtime.exec(Runtime.java:347) at java_lang_Runtime$exec.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCa ll(CallSiteArray.java:45) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call( AbstractCallSite.java:108) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call( AbstractCallSite.java:116) at Script3.run(Script3.groovy:1) at com.eviware.soapui.support.scripting.groovy.SoapUIGroovyScri ptEngine.run(SoapUIGroovyScriptEngine.java:90) at com.eviware.soapui.model.propertyexpansion.resolvers.EvalPro pertyResolver.doEval(EvalPropertyResolver.java:163) at com.eviware.soapui.model.propertyexpansion.resolvers.EvalPro pertyResolver.resolveProperty(EvalPropertyResolver.java:143) at com.eviware.soapui.model.propertyexpansion.PropertyExpander. expand(PropertyExpander.java:199) at com.eviware.soapui.model.propertyexpansion.PropertyExpander. expandProperties(PropertyExpander.java:133) at com.eviware.soapui.impl.wsdl.WsdlRequest.submit(WsdlRequest.java:208) at com.eviware.soapui.impl.wsdl.panels.request.AbstractWsdlRequ estDesktopPanel.doSubmit(AbstractWsdlRequestDesktopPanel.java:141) CVE-2017-1667
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- SoapUI v5.3.0 Code Execution Ismail Doe (Feb 09)
- Re: SoapUI v5.3.0 Code Execution Ismail Doe (Feb 13)