EIP-2026-107459

PRE-CVE

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107459. PoCs published by Dawid Golunski.

AI-analyzed exploit summary

This exploit demonstrates an XXE (XML External Entity) injection vulnerability in the Google AdWords API client libraries (PHP, Java, .NET). The PoC shows how an attacker can perform a MitM attack to inject malicious XML, leading to arbitrary file disclosure or command execution via the 'expect' PHP module.

Description

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection

Exploits (1)

exploitdb WORKING POC
by Dawid Golunski · text · webapps · php
https://www.exploit-db.com/exploits/38652

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Google AdWords API client libraries (googleads-php-lib <= 6.2.0, googleads-java-lib, googleads-dotnet-lib)
Authentication: No auth needed
Prerequisites: MitM attack (e.g., DNS spoofing, ARP spoofing) · Victim application using vulnerable AdWords API client library
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026