In class Pay2PayPayment (application\components\payment\Pay2PayPayment.php), there is an XXE vulnerability in the checkResult function.
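
    public function checkResult($hash = '')
    {
        if (isset($_POST['xml'], $_POST['sign'])) {
            // Both fields come straight from the HTTP request body.
            $xml = base64_decode(str_replace(' ', '+', $_POST['xml']));
            $sign = base64_decode(str_replace(' ', '+', $_POST['sign']));
            // Attacker-controlled XML is parsed here with default settings.
            $data = simplexml_load_string($xml);
            // ... (remainder of the method not shown in the report)
        }
    }
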
The user input ($_POST['xml']) is passed to simplexml_load_string without sanitization.
Although this parser does not print anything, attackers could still use blind XXE to get sensitive information.
You could use libxml_disable_entity_loader(true); to avoid this vulnerability. Thx
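
A hardened version of the parsing step in checkResult, as an added example that is not part of the original report or the project's code. The helper name parsePay2PayXml and the sample inputs are assumptions made for illustration; the DOCTYPE check assumes the dom extension is loaded.

```php
<?php
// Added example (hypothetical helper, not the project's code): parse the
// callback XML without entity substitution and reject documents with a DTD.
function parsePay2PayXml(string $b64Xml): ?SimpleXMLElement
{
    // Same decoding as the reported code, but strict mode rejects bad base64.
    $xml = base64_decode(str_replace(' ', '+', $b64Xml), true);
    if ($xml === false || $xml === '') {
        return null;
    }

    // libxml_disable_entity_loader() is deprecated as of PHP 8.0, so call it
    // only on older runtimes and restore the previous state afterwards.
    $legacy = PHP_VERSION_ID < 80000;
    $previous = $legacy ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);

    // LIBXML_NONET blocks network access during parsing. LIBXML_NOENT and
    // LIBXML_DTDLOAD are deliberately not passed.
    $data = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($prevErrors);
    if ($legacy) {
        libxml_disable_entity_loader($previous);
    }
    if ($data === false) {
        return null;
    }

    // A payment notification has no need for a DTD. Checking the parsed
    // document (not the raw string) works regardless of input encoding.
    if (dom_import_simplexml($data)->ownerDocument->doctype !== null) {
        return null;
    }
    return $data;
}

// Constructed sample inputs, not real Pay2Pay messages.
$plain = base64_encode('<response><order_id>42</order_id></response>');
$withDtd = base64_encode('<!DOCTYPE r [<!ENTITY x "y">]><r>&x;</r>');

var_dump(parsePay2PayXml($plain) !== null);
var_dump(parsePay2PayXml($withDtd) === null);
```

Both var_dump calls report true when the plain document is accepted and the one carrying a DOCTYPE is refused.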