Full Disclosure

Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure

April 4, 2017 007admin Leave a comment

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html

Date:
04-Apr-2017

Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)

Versions affected:
9.x

Vulnerability:
XML External Entity injection (XXE)

Example:

There is an XXE in services such as:

https://[target]/services/WSFUNCTION
https://[target]/services/WSGRID…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information