YouKeFu XML External Entity Injection Vulnerability in Call Center Router Controller
Vulnerability
A vulnerability allowing XML External Entity (XXE) injection has been identified in YouKeFu versions up to 4.2.0. The issue resides in the Call Center Router Controller, specifically in the routercontent parameter, whose value is parsed as an XML document without first being sanitized or without external entity resolution being disabled. The vulnerability can be exploited remotely and leads to unauthorized file access, server-side request forgery (SSRF), and, under certain conditions, remote code execution.
Impact
Exploitation of this vulnerability could result in unauthorized file read access, server-side request forgery (SSRF) attacks, and in some configurations, remote code execution.
Reproduction
To reproduce this vulnerability, first add a host ID through the '/admin/callcenter/pbxhost/add' interface. After noting the host ID, use another interface to perform the XXE attack by injecting a payload through the routercontent parameter. This injection will trigger an out-of-band (OOB) request, demonstrating the successful exploitation of the XXE vulnerability.
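The defensive counterpart to the issue described above is an XML parser that cannot resolve entities at all. The following is an added example written for this page, not code from the YouKeFu project; the class and method names (RouterContentParser, parseRouterContent) and the sample documents are constructed here, and it assumes the JDK's default JAXP implementation (Xerces), which honours the feature URIs used below. Any DOCTYPE declaration, even one that only defines an internal entity, is rejected before the document body is processed, which both removes the XXE vector and gives the application a clear point at which to log the rejected request.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

// Hypothetical replacement for parsing the routercontent parameter (added example).
public class RouterContentParser {

    // Build a factory that cannot be steered into entity expansion:
    // no DOCTYPE, no general or parameter external entities, no external DTD,
    // no XInclude, and no expansion of entity references in the DOM.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parse untrusted routercontent with the hardened factory. A document carrying a
    // DOCTYPE fails here with a SAXParseException before any entity could be resolved.
    static Document parseRouterContent(String routercontent) throws Exception {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        return builder.parse(new InputSource(new StringReader(routercontent)));
    }

    // Returns true when the input was rejected, so callers can record it as a
    // detection signal (e.g. log the source IP and host ID of the request).
    static boolean isRejected(String routercontent) throws Exception {
        try {
            parseRouterContent(routercontent);
            return false;
        } catch (SAXParseException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a benign routing document, accepted.
        String benign = "<?xml version=\"1.0\"?><router><route>sales</route></router>";
        // Constructed sample: carries a DOCTYPE with only an internal entity.
        // The hardened parser rejects it regardless of what the entity refers to.
        String withDoctype = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE router [<!ENTITY x \"y\">]>"
                + "<router><route>&x;</route></router>";

        System.out.println("benign rejected: " + isRejected(benign));        // false
        System.out.println("doctype rejected: " + isRejected(withDoctype));  // true
    }
}
```

The same feature set applies to SAXParserFactory and XMLInputFactory if the controller uses a streaming parser instead of DOM; the key property to verify in a code review is that disallow-doctype-decl is true on every factory that touches request data, since a single unhardened factory elsewhere in the routing code reintroduces the issue.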
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
