DroidDLNA is a full featured android DLNA App, with support of UPnP/DLNA Control Point, UPnP Media Renderer and UPnP Media Server. This app is based on Cling 2.0
GNU General Public License v3.0
331
stars
132
forks
source link
XML external entity (XXE) vulnerability: Out-of-Band XXE in SSDP Processing #8
The XML parser don't disable the inline DTDs parsing by default or do not provide a mean to disable it AFAIK.
The XML parsing engine in SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
Access arbitrary files from the filesystem with the same permission as the user account running UMS.
Initiate SMB connections to capture NetNTLM challenge/response and crack to clear-text password.
Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
The XML parser don't disable the inline DTDs parsing by default or do not provide a mean to disable it AFAIK.
The XML parsing engine in SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
Exploitation can be demonstrated using evil-ssdp (https://gitlab.com/initstring/evil-ssdp).