MSN Password Recovery XML External Entity Injection Vulnerability

Vulnerability

An XML external entity (XXE) injection vulnerability has been identified in MSN Password Recovery version 1.30. It allows an attacker to read local system files by supplying crafted XML input, containing references to external entities, through the 'Favorites' tab. The injection can be used to retrieve sensitive system configuration information.

Impact

Successful exploitation gives an attacker unauthorized read access to local system files, potentially leading to the disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, first set up a simple HTTP server to host the malicious DTD file. Create a malicious XML file that includes an external entity reference to a sensitive system file, such as 'C:\Windows\win.ini'. Open MSN Password Recovery 1.30, navigate to the 'Favorites' tab, and upload the crafted XML file. When the 'View' button is clicked, the external entity injection succeeds and the referenced file is accessed through the HTTP server.
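The root cause is an XML import feature that resolves external entities from an untrusted document. As an added example, not code from this advisory or from MSN Password Recovery, the two layers a defender would put in front of such an import: reject any document that carries a DOCTYPE or ENTITY declaration before it reaches the parser, and configure the parser itself to refuse external entity resolution. The favorites file format (a <favorites> root with <item url="..."/> children), the sample documents and the placeholder file path are assumptions constructed for this example.

```python
import re
import xml.parsers.expat as expat

# A legitimate favorites file never needs a DTD, so any DOCTYPE or ENTITY
# declaration is treated as an XXE attempt. Case-insensitive and lenient on
# purpose: this is a reject-on-sight filter, not an XML parser.
_DTD_PATTERN = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXMLError(ValueError):
    """Raised when an imported document tries to declare or resolve entities."""


def contains_dtd(data: bytes) -> bool:
    """Return True if the raw document contains a DOCTYPE or ENTITY declaration."""
    return _DTD_PATTERN.search(data) is not None


def parse_favorites(data: bytes) -> list[str]:
    """Parse an imported favorites file and return its URLs.

    Layer 1: refuse the document outright if it carries any DTD markup.
    Layer 2: even if something slips past, the expat parser is told never to
    process parameter entities and to raise on any external entity reference
    instead of fetching it.
    """
    if contains_dtd(data):
        raise UnsafeXMLError("DOCTYPE/ENTITY declarations are not allowed in favorites files")

    urls: list[str] = []
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def refuse_external(context, base, system_id, public_id):
        # Called when the parser meets an external entity reference; raising
        # here aborts the parse rather than touching the referenced resource.
        raise UnsafeXMLError(f"refusing to resolve external entity {system_id!r}")

    def start_element(name, attrs):
        # Assumed format: <favorites><item url="..."/>...</favorites>
        if name == "item" and "url" in attrs:
            urls.append(attrs["url"])

    parser.ExternalEntityRefHandler = refuse_external
    parser.StartElementHandler = start_element
    parser.Parse(data, True)
    return urls


def is_rejected(data: bytes) -> bool:
    """True if parse_favorites refuses the document as unsafe."""
    try:
        parse_favorites(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed sample inputs (not taken from the advisory or the product).
BENIGN_FAVORITES = (
    b'<?xml version="1.0"?>'
    b'<favorites>'
    b'<item url="https://example.com/a"/>'
    b'<item url="https://example.net/b"/>'
    b'</favorites>'
)

# Same structure, but with the kind of external entity declaration the
# advisory describes; the file path is a deliberate placeholder.
XXE_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE favorites [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">]>'
    b'<favorites><item url="&ext;"/></favorites>'
)

if __name__ == "__main__":
    print("benign ->", parse_favorites(BENIGN_FAVORITES))
    print("xxe sample rejected ->", is_rejected(XXE_SAMPLE))
```

The byte-level pre-check assumes an ASCII-compatible encoding; a document encoded as UTF-16 would slip past the regex, which is why the parser-level refusal is kept as the second layer rather than relying on the filter alone. The same pattern applies to any import or upload path that hands untrusted XML to a parser: disable DTD processing and external entity resolution in the parser's configuration, and treat a DOCTYPE in user-supplied data as a signal worth logging.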

Added: Feb 11, 2026, 9:44 PM
Updated: Feb 11, 2026, 9:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.