Jinher OA XXE Injection Vulnerability in DelTemp.aspx
Vulnerability
A critical XML External Entity (XXE) injection vulnerability has been identified in Jinher OA version 1.0, specifically within the DelTemp.aspx endpoint. This vulnerability allows unauthenticated attackers to send crafted XML documents that include external entity references. The server processes these references, which can lead to unauthorized data access and exfiltration using out-of-band techniques. Exploitation of this vulnerability could also facilitate reading arbitrary files, conducting server-side request forgery (SSRF) attacks, scanning internal networks, and potentially executing remote code.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive files, internal network scanning, and potentially remote code execution.
Reproduction
To reproduce this vulnerability, send a POST request to the DelTemp.aspx endpoint with a crafted XML payload that includes external entity references. The server will process the XML, allowing for data exfiltration via HTTP requests to an external server controlled by the attacker.
Remediation
It is recommended to disable XML External Entity processing in the application's XML parser, implement strict input validation to reject XML documents with DOCTYPE declarations, and consider using alternative data formats like JSON. Regular security audits and monitoring for vendor patches are also advised.
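The parser hardening recommended above, as an added example that is not Jinher OA's code or a vendor patch: a System.Xml wrapper that rejects any document carrying a DOCTYPE and never resolves external resources. It assumes the endpoint parses request bodies with System.Xml on .NET Framework 4.0 or later; SafeXml, TryLoad, the size limit and the two sample documents are hypothetical names and constructed values.

```csharp
using System;
using System.IO;
using System.Xml;

// Hypothetical helper; not taken from Jinher OA.
public static class SafeXml
{
    // Settings that refuse any DOCTYPE and never fetch external resources.
    private static XmlReaderSettings Hardened()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // a DOCTYPE raises XmlException
            XmlResolver = null,                     // no file or network resolution
            MaxCharactersInDocument = 1000000       // bound request size (assumed limit)
        };
    }

    // Loads the document only if it parses under the hardened settings.
    public static bool TryLoad(string xml, out XmlDocument doc, out string error)
    {
        doc = null;
        error = null;
        try
        {
            XmlDocument parsed = new XmlDocument();
            parsed.XmlResolver = null; // defence in depth for later operations
            using (StringReader text = new StringReader(xml))
            using (XmlReader reader = XmlReader.Create(text, Hardened()))
            {
                parsed.Load(reader);
            }
            doc = parsed;
            return true;
        }
        catch (XmlException ex)
        {
            error = ex.Message; // log server-side; send the client a generic 400
            return false;
        }
    }

    public static void Main()
    {
        // Constructed inputs: a plain body, and one with an inline DTD.
        string plain = "<req><id>42</id></req>";
        string withDtd = "<!DOCTYPE req [<!ENTITY e \"x\">]><req><id>&e;</id></req>";
        XmlDocument doc; string err;
        Console.WriteLine(TryLoad(plain, out doc, out err));
        Console.WriteLine(TryLoad(withDtd, out doc, out err));
    }
}
```

On .NET Framework versions before 4.0 the equivalent setting is `ProhibitDtd = true` on `XmlReaderSettings`.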
