Prizm Content Connect v10.5.1030.8315 - XXE

EDB-ID:

51185

CVE:

N/A


Author:

xhzeem

Type:

webapps


Platform:

PHP

Date:

2023-04-01


# Exploit Title: Prizm Content Connect v10.5.1030.8315 - XXE
# Date: 21/12/2022
# Exploit Author: @xhzeem
# Vendor Homepage:
https://help.accusoft.com/PCC/v9.0/HTML/About%20Prizm%20Content%20Connect.html
# Version: v10.5.1030.8315

The Prizm Content Connect v10.5.1030.8315 is vulnerable to XXE

Proof Of Concept:

http://www.example.com/default.aspx?document=file.xml

The file.xml can have an OoB XXE payload or any other blind XXE exploit.