Share
## https://sploitus.com/exploit?id=ABC31D52-93E0-502E-A47D-A58051EFB1E5
# CVE-2023-45612 PoC

This repository contains a proof of concept (PoC) for CVE-2023-45612 which allowed XXE in the default configuration of ContentNegotiation in ktor.
The PoC is split into 2 parts:
- `server/`, containing an example of a Ktor server using an affected version of Ktor, with an endpoint susceptible to the attack
- `client/`, containing a Python script that demonstrates using the XXE vulnerability in the example server to achieve LFI

## Reproduction steps
Both the server and the client can be started by running `docker compose up` from this repository's root directory. After the server starts (might take a couple of seconds), the client will automatically perform the attack.