Advertisement
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack
XXE - XML External Entity Attack

Check these out next

Threat Hunting
Threat Hunting
Splunk
F5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
Denis Kolegov
Cross site scripting (xss)
Cross site scripting (xss)
Ritesh Gupta
SQL Injection
SQL Injection
Adhoura Academy
DNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar
Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016
Daniel Bohannon
The Same-Origin Policy
The Same-Origin Policy
Fabrizio Farinacci
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi
1 of 25

XXE - XML External Entity Attack

Feb. 27, 2017
Download to read offline
Software

XXE - XML External Entity Attack

Cysinfo Cyber Security Community
Advertisement
Advertisement
Advertisement

Recommended

XML External Entity (XXE)XML External Entity (XXE)
XML External Entity (XXE)Jay Thakker764 views13 slides
OWASP A4 XML External Entities (XXE)OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)Michael Furman1.6K views24 slides
XML & XPath InjectionsXML & XPath Injections
XML & XPath InjectionsAMol NAik4.9K views37 slides
Dom based xssDom based xss
Dom based xssLê Giáp3K views24 slides
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxAaron Weaver918 views71 slides
The Cross Site Scripting GuideThe Cross Site Scripting Guide
The Cross Site Scripting GuideDaisuke_Dan2.2K views10 slides

More Related Content

Slideshows for you(20)

Threat HuntingThreat Hunting
Threat Hunting
Splunk3.9K views
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
Denis Kolegov3.1K views
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)
Ritesh Gupta1.3K views
SQL Injection SQL Injection
SQL Injection
Adhoura Academy14K views
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar33.6K views
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016
Daniel Bohannon6.9K views
The Same-Origin PolicyThe Same-Origin Policy
The Same-Origin Policy
Fabrizio Farinacci652 views
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi26.2K views
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site Scripting
InMobi Technology4.1K views
Intro to HTML and CSS basicsIntro to HTML and CSS basics
Intro to HTML and CSS basics
Eliran Eliassy1.6K views
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
Juan F. Padilla10.6K views
Offensive OSINTOffensive OSINT
Offensive OSINT
Christian Martorella12.7K views
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
Lior Rotkovitch424 views
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)
Bernardo Damele A. G.33.3K views
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developers
MITRE ATT&CK3.1K views
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community2.1K views
SsrfSsrf
Ssrf
Ilan Mindel474 views
Local File Inclusion to Remote Code ExecutionLocal File Inclusion to Remote Code Execution
Local File Inclusion to Remote Code Execution
n|u - The Open Security Community11K views
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov14.3K views
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
Herman Duarte56.1K views

Similar to XXE - XML External Entity Attack (20)

Xxe xml external entityXxe xml external entity
Xxe xml external entity
heeraj nair599 views
Domain Specific Languages and C++ Code GenerationDomain Specific Languages and C++ Code Generation
Domain Specific Languages and C++ Code Generation
Ovidiu Farauanu1.4K views
Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault
Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault
Veritas Technologies LLC1.8K views
BAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocsBAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocs
BAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocs
Amazon Web Services877 views
Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...
Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...
Amazon Web Services545 views
Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...
Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...
Cisco Canada270 views
Cisco Connect Ottawa 2018 data centre securityCisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre security
Cisco Canada156 views
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Vikram Nandini421 views
intergator as a comprehensive and holistic information management platformintergator as a comprehensive and holistic information management platform
intergator as a comprehensive and holistic information management platform
Eduard Daoud444 views
Document Archiving & Sharing SystemDocument Archiving & Sharing System
Document Archiving & Sharing System
Ashik Iqbal2.4K views
PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...
PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...
Puppet430 views
PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...
PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...
Nicolas Brousse346 views
Cisco connect winnipeg 2018 we make it simpleCisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018 we make it simple
Cisco Canada342 views
Dennis Wisnowsky PresentationDennis Wisnowsky Presentation
Dennis Wisnowsky Presentation
Mediabistro888 views
Cloud Storage System like DropboxCloud Storage System like Dropbox
Cloud Storage System like Dropbox
IRJET Journal3 views
X internet frameworkX internet framework
X internet framework
Neha Malik788 views
VA_InterConnect2017VA_InterConnect2017
VA_InterConnect2017
Canturk Isci93 views
Don't waste you time searching IBM Connections cloudDon't waste you time searching IBM Connections cloud
Don't waste you time searching IBM Connections cloud
mmi-consult98 views
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Denim Group1.8K views
Increasing Productivity with End-User Computing Solutions on AWS Increasing Productivity with End-User Computing Solutions on AWS
Increasing Productivity with End-User Computing Solutions on AWS
Amazon Web Services356 views
Advertisement

More from Cysinfo Cyber Security Community(20)

Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
Cysinfo Cyber Security Community4K views
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Cysinfo Cyber Security Community569 views
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Cysinfo Cyber Security Community619 views
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community570 views
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community1.5K views
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
Cysinfo Cyber Security Community4.2K views
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community1.4K views
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Cysinfo Cyber Security Community656 views
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
Cysinfo Cyber Security Community1.2K views
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Cysinfo Cyber Security Community574 views
Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
Cysinfo Cyber Security Community763 views
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
Cysinfo Cyber Security Community798 views
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
Cysinfo Cyber Security Community393 views
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
Cysinfo Cyber Security Community525 views
Dynamic binary analysis using angr siddharth muraleeDynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
Cysinfo Cyber Security Community711 views
Bit flipping attack on aes cbc - ashutosh ahelleyaBit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
Cysinfo Cyber Security Community2.4K views
Security Analytics using ELK stack Security Analytics using ELK stack
Security Analytics using ELK stack
Cysinfo Cyber Security Community1.3K views
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
Cysinfo Cyber Security Community2.5K views
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
Cysinfo Cyber Security Community1.1K views
ATM Malware: Understanding the threat ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
Cysinfo Cyber Security Community3K views

Recently uploaded(20)

Top 8 Email Alternatives for Effective Business Communication - Slideshare.docxTop 8 Email Alternatives for Effective Business Communication - Slideshare.docx
Top 8 Email Alternatives for Effective Business Communication - Slideshare.docx
Yoroflow 4 views
The art of AI ArtThe art of AI Art
The art of AI Art
Dennis Vroegop6 views
QA or the Highway - Extra-functional testing, improve how you observe the sys...QA or the Highway - Extra-functional testing, improve how you observe the sys...
QA or the Highway - Extra-functional testing, improve how you observe the sys...
Federico Toledo8 views
Ramp up your testing solution, ExpoQA 2023Ramp up your testing solution, ExpoQA 2023
Ramp up your testing solution, ExpoQA 2023
Gáspár Nagy5 views
ASDialer | Differences between Predictive and Progressive Dialers In 2023ASDialer | Differences between Predictive and Progressive Dialers In 2023
ASDialer | Differences between Predictive and Progressive Dialers In 2023
Aresync3 views
03_clere_Proxing to tomcat with httpd.pdf03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf
Jean-Frederic Clere4 views
Geminate IM Voice SpeakerGeminate IM Voice Speaker
Geminate IM Voice Speaker
Geminate Consultancy Services0 views
module_1-_5_computer_software.pptmodule_1-_5_computer_software.ppt
module_1-_5_computer_software.ppt
MufarowasheBingeping2 views
如何办理一份高仿利兹大学毕业证成绩单?如何办理一份高仿利兹大学毕业证成绩单?
如何办理一份高仿利兹大学毕业证成绩单?
aazepp2 views
Data Communication-1.pptData Communication-1.ppt
Data Communication-1.ppt
ssusere16bd92 views
lecture 6 DES part1.pdflecture 6 DES part1.pdf
lecture 6 DES part1.pdf
ssuser6c541312 views
PyCon Ireland 2022 - PyArrow full stack.pdfPyCon Ireland 2022 - PyArrow full stack.pdf
PyCon Ireland 2022 - PyArrow full stack.pdf
Alessandro Molina5 views
Access Specifier and encapusulation.pdfAccess Specifier and encapusulation.pdf
Access Specifier and encapusulation.pdf
SunithaKrishnan92 views
C++_programs.pptC++_programs.ppt
C++_programs.ppt
EPORI2 views
Clinic Management System Clinic Management System
Clinic Management System
Geminate Consultancy Services0 views
【本科生、研究生】澳洲澳大利亚天主教大学毕业证文凭购买指南【本科生、研究生】澳洲澳大利亚天主教大学毕业证文凭购买指南
【本科生、研究生】澳洲澳大利亚天主教大学毕业证文凭购买指南
sutseu0 views
Customising MS Office Ribbon & Quick Access Toolbar.pptxCustomising MS Office Ribbon & Quick Access Toolbar.pptx
Customising MS Office Ribbon & Quick Access Toolbar.pptx
Ruth Weal5 views
【本科生、研究生】美国罗格斯大学毕业证文凭购买指南【本科生、研究生】美国罗格斯大学毕业证文凭购买指南
【本科生、研究生】美国罗格斯大学毕业证文凭购买指南
sutseu0 views
【本科生、研究生】美国亨德森州立大学毕业证文凭购买指南【本科生、研究生】美国亨德森州立大学毕业证文凭购买指南
【本科生、研究生】美国亨德森州立大学毕业证文凭购买指南
sutseu0 views
software companies in oamn muscat.pdfsoftware companies in oamn muscat.pdf
software companies in oamn muscat.pdf
WideSolutions3 views
Advertisement

XXE - XML External Entity Attack

  1. Web Application Security - Team bi0s © 2017 XXE XML External Entity 25 February 2017 @Team bi0s 1/25 HEERAJ Btech, Third Year, Computer Science Engineering Amrita University
  2. whoami Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Undergraduate Student @ Amrita ➔ Web Security Enthusiast ➔ CTF{flag_seeker} ➔ @HRJ ➔ ww.i4info.in 2/25
  3. Agenda Web Application Security - Team bi0s © 2017 @Team bi0s ➔Intro to XML & DTD ➔XML Entity ➔Parsing XML ➔Attacks Vector ➔Demo 3/25
  4. XML Web Application Security - Team bi0s © 2017 @Team bi0s ➔EXtensible Markup Language 4/25 Picture:123RF.COM
  5. Where it is used ? Web Application Security - Team bi0s © 2017 @Team bi0s ➔Document Formats ➔Image Formats ➔Configuration Files ➔Network Protocols ➔RSS Feeds … etc . . . 5/25 Picture: c-sharpcorner.com
  6. Document Type Definition Web Application Security - Team bi0s © 2017 @Team bi0s ➔ References an External DTD ➔ Define structure with the list of legal elements 6/25
  7. XML Entity Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Entities help to reduce the entry of repetitive information and also allow for easier editing Output: Writer: Donald Duck. Copyright: bi0s. 7/25
  8. XML Entity Web Application Security - Team bi0s © 2017 @Team bi0s XML Entity Internal Entity External Entity 8/25
  9. Parsing Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Character other than < , > , & , ‘ , “ all are parsable. ➔ PCDATA is text that will be parsed by a parser. Tags inside the text will be treated as markup and entities will be expanded. ➔ CDATA is text that will not be parsed by a parser. 9/25
  10. Attack’s Possible Web Application Security - Team bi0s © 2017 @Team bi0s ➔ LFI ➔ SSRF ➔ Internal scans ➔ Denial of Service ➔ Rce (Not Always!!!) 10/25
  11. Attack Vectors Web Application Security - Team bi0s © 2017 @Team bi0s Classic XXE We can view any file which doesn’t contain < , > , & , ‘ , “ as characters. 11/25
  12. 12
  13. Direct Feedback Channel Web Application Security - Team bi0s © 2017 @Team bi0s What if you are Reading Some configuration files? 13
  14. Direct Feedback Channel Web Application Security - Team bi0s © 2017 @Team bi0s ➔ CDATA very helpful to read web configuration, which contain non parsable characters. But this won’t work !! 14/25
  15. Direct Feedback Channel Web Application Security - Team bi0s © 2017 @Team bi0s ➔ We have to use Parameter entities ➢ Parameter.dtd 15/25
  16. Out Of Band Channel Web Application Security - Team bi0s © 2017 @Team bi0s 16/25
  17. Out Of Band Channel Web Application Security - Team bi0s © 2017 @Team bi0s ➔ No Direct Feedback Channel 17/25 Website: http://web-in-security.blogspot.in/2016/03/xxe-cheat- sheet.html
  18. Billion Laughs Attack (Simple Denial of Service) Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Works by expansion property (Simple code(<1kb) will expand up to 3 gigabytes of memory. 18/25
  19. Different Protocols Web Application Security - Team bi0s © 2017 @Team bi0s 19/25
  20. OFFICE OPEN XML Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Zip archive file containing XML and media files ➔ *.docx , *.xlsx , *.pptx ➔ Developed by Microsoft 20/25
  21. OFFICE OPEN XML Web Application Security - Team bi0s © 2017 @Team bi0s 21/25 Open XML File Container Document Properties Custom Defined XML Comments WordML/ SpreadsheetML etc Embedded Code/Macros Images, Video, Sound Files Charts
  22. OFFICE OPEN XML Web Application Security - Team bi0s © 2017 @Team bi0s ➔ General Parsing XML ◆ /_rels/.rels ◆ [Content_Types].xml ◆ Default Main Document ● /word/document.xml ● /ppt/presentation.xml ● /xl/workbook.xml 22/25
  23. Playing With Content Type Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Server may accept multiple data formats ➔ Results in Json endpoints may be vulnerable to XXE ➔ Content-Type changed to application/xml ➔ JSON has to be converted to XML 23/25
  24. Demo Web Application Security - Team bi0s © 2017 @Team bi0s 24/25
  25. Solution Web Application Security - Team bi0s © 2017 @Team bi0s ➢ Don’t reflect the XML back to user ➢ Turn off external DTD fetching ➢ Turn off DTD ➢ Disable External Entity Parsing libxml_disable_entity_loader(true);(PHP) 25/25

Editor's Notes

  1. RSS/xhtml/svg/opendocument/kml/xslt/soap/saml… And Many more are written in XML
  2. Defines the structure, attributes and the legal elements of XML #PCDATA - parsable text data Note defines this must contain to, from, heading,body
  3. Used to include some documents
  4. Public and SYSTEM are the 2 external entities.
  5. Dos( by reading /dev/zero loops
  6. Found Long back in 2002
  7. But this will not work with the above example, we get the error: “XML document structures must start and end within the same entity.”
  8. In the first case it was from same dtd Here we have used different dtd
  9. In the first case it was from same dtd Here we have used different dtd
  10. In the first case it was from same dtd Here we have used different dtd
  11. Google toolbar you can design button using xml, the xxe was in uploading xml
  12. File that are present in the zip archive
  13. File that are present in the zip archive
  14. File that are present in the zip archive
  15. File that are present in the zip archive
Advertisement