Xxe xml external entity
heeraj nair
Cysinfo Talk on XML External Entity Attack
1.
XXE - XML External Entity
Web Application Security - Team bi0s © 2017 @Team bi0s
25 February 2017
HEERAJ, B.Tech Third Year, Computer Science Engineering, Amrita University
1/25
2.
whoami
➔ Undergraduate Student @ Amrita
➔ Web Security Enthusiast
➔ CTF{flag_seeker}
➔ @heerajnair
➔ ww.i4info.in
3.
Agenda
➔ Intro to XML & DTD
➔ XML Entity
➔ Parsing XML
➔ Attack Vectors
➔ Demo
4.
XML
➔ EXtensible Markup Language
(Picture: 123RF.COM)
5.
Where is it used?
➔ Document formats
➔ Image formats
➔ Configuration files
➔ Network protocols
➔ RSS feeds
... etc.
(Picture: c-sharpcorner.com)
6.
Document Type Definition
➔ References an external DTD
➔ Defines the structure, with the list of legal elements
7.
XML Entity
➔ Entities help to reduce the entry of repetitive information
Output: Writer: Donald Duck. Copyright: bi0s.
8.
XML Entity
Kinds of XML entity:
◆ Internal Entity
◆ External Entity
9.
Parsing
➔ All characters other than < , > , & , ' and " are parsable character data.
➔ PCDATA is text that will be parsed by a parser.
➔ CDATA is text that will not be parsed by a parser.
◆ Ex: <![CDATA[<data>Hello, world!]]>
10.
Attacks Possible
➔ Denial of Service
➔ Local File Inclusion
➔ SSRF
➔ Internal scans
➔ RCE (not always!!!)
11.
Billion Laughs Attack
➔ Works by the entity expansion property: simple code (<1 KB) will expand up to 3 gigabytes of memory.
(Website: digitalimprint.com)
12.
Attack Vectors
Classic XXE: we can view any file which doesn't contain < , > , & , ' or " as characters.
13.
14.
OFFICE OPEN XML
➔ Zip archive file containing XML and media files
➔ *.docx, *.xlsx, *.pptx
➔ Developed by Microsoft
15.
OFFICE OPEN XML
16.
OFFICE OPEN XML
➔ Files in OOXML
◆ /_rels/.rels
◆ [Content_Types].xml
◆ Default main document
● /word/document.xml
● /ppt/presentation.xml
● /xl/workbook.xml
17.
Direct Feedback Channel
What if you are reading some configuration files?
18.
Different Protocols
php://filter/convert.base64-encode/resource=/etc/passwd
19.
Direct Feedback Channel
➔ CDATA is very helpful to read web configuration files, which contain non-parsable characters. But this won't work!!
20.
Direct Feedback Channel
(Diagram: 1. XML request; parsing host; attacker's server)
21.
Direct Feedback Channel
➔ We have to use parameter entities
➢ Parameter.dtd
22.
Out Of Band Channel
(Diagram: 1. XML request; parsing host; attacker's server)
23.
Out Of Band Channel
➔ No direct feedback channel
24.
Demo
XXE Cheat Sheet: http://web-in-security.blogspot.in/2016/03/xxe-cheat-sheet.html
25.
Solution
➢ Validation of user input
➢ Turn off external DTD fetching
➢ Disable external entity parsing: libxml_disable_entity_loader(true); (PHP)
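The three mitigations above, together with the billion laughs and classic XXE slides, can be turned into a single pre-parse gate. The following is an added example (not from the talk or from Team bi0s) using only Python's standard-library expat bindings: it refuses external DTDs, external and parameter entities, and estimates the worst-case expansion of internal entities without ever materialising it; the budget constant and the function names are my own choices.

```python
import re
import xml.parsers.expat as expat

MAX_EXPANSION_BYTES = 1_000_000   # assumed policy: at most 1 MB of DTD-driven expansion
ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")

class UnsafeXML(ValueError): pass  # raised inside a handler: parsing stops before the body expands

def _expanded_size(name, entities, memo, stack):
    """Bytes that fully expanding entity `name` would produce (computed, never built)."""
    if name in memo:
        return memo[name]
    if name in stack:
        raise UnsafeXML(f"recursive entity &{name};")
    value = entities.get(name)
    if value is None:                 # predefined (&amp; ...) or undeclared: no growth
        return 1
    stack.add(name)
    size = len(ENTITY_REF.sub("", value))
    for ref in ENTITY_REF.findall(value):
        size += _expanded_size(ref, entities, memo, stack)
    stack.discard(name)
    memo[name] = size
    return size

def vet_xml(data: bytes) -> dict:
    """Parse with every external-input path disabled; return {'root', 'expansion'} or raise."""
    entities, summary = {}, {"root": None, "expansion": 0}
    p = expat.ParserCreate()
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)  # never fetch external subsets
    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:    # <!DOCTYPE x SYSTEM "http://..."> -> out-of-band fetch
            raise UnsafeXML("DOCTYPE references an external DTD")
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if is_param:
            raise UnsafeXML(f"parameter entity %{name};")
        if system_id or public_id:    # <!ENTITY x SYSTEM "file:///..."> -> local file read
            raise UnsafeXML(f"external entity &{name}; -> {system_id or public_id}")
        entities[name] = value        # internal entity: keep it for the expansion estimate
    def on_end_doctype():
        memo = {}
        worst = max((_expanded_size(n, entities, memo, set()) for n in entities), default=0)
        if worst > MAX_EXPANSION_BYTES:
            raise UnsafeXML(f"entity expansion of {worst} bytes exceeds budget")
        summary["expansion"] = worst
    def on_external_ref(context, base, system_id, public_id):
        raise UnsafeXML("external entity reference in content")  # belt and braces
    def on_start(name, attrs):
        summary["root"] = summary["root"] or name
    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity
    p.EndDoctypeDeclHandler = on_end_doctype
    p.ExternalEntityRefHandler = on_external_ref
    p.StartElementHandler = on_start
    p.Parse(data, True)
    return summary

def verdict(data: bytes) -> str:
    """'ok', or the reason the document was refused (suitable for a log line)."""
    try:
        vet_xml(data)
        return "ok"
    except (UnsafeXML, expat.ExpatError) as e:
        return f"refused: {e}"
```

Because the check runs from inside the DTD handlers, a billion laughs document is refused with its estimated size (3,000,000,000 bytes for the classic lol9 chain) before any `&lol9;` in the body is ever expanded.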
26.
27.
Playing With Content Type
➔ Server may accept multiple data formats
➔ As a result, JSON endpoints may be vulnerable to XXE
➔ Content-Type changed to application/xml
➔ JSON has to be converted to XML
28.
OFFICE OPEN XML
(Diagram: Open XML File Container)
◆ Document Properties
◆ Custom Defined XML
◆ Comments
◆ WordML / SpreadsheetML etc.
◆ Embedded Code/Macros
◆ Images, Video, Sound Files
◆ Charts
Editor's Notes
RSS/xhtml/svg/opendocument/kml/xslt/soap/saml… and many more are written in XML.
Defines the structure, attributes and the legal elements of XML. #PCDATA - parsable text data. The note defines that this must contain to, from, heading, body.
Used to include some documents.
PUBLIC and SYSTEM are the two kinds of external entity.
DoS (by reading /dev/zero loops).
Found long back, in 2002.
Files that are present in the zip archive.
But this will not work with the above example; we get the error: "XML document structures must start and end within the same entity."
In the first case it was from the same DTD; here we have used a different DTD.
Files that are present in the zip archive.