Submit Search
Upload
XXE - XML External Entity Attack
•
Download as PPTX, PDF
•
5 likes
•
3,810 views
C
Cysinfo Cyber Security Community
Follow
XXE - XML External Entity Attack
Read less
Read more
Software
Report
Share
Report
Share
1 of 25
Download now
Recommended
XML External Entity (XXE)
XML External Entity (XXE)
Jay Thakker
OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)
Michael Furman
XXE
XXE
n|u - The Open Security Community
XXE injection - Nguyễn Tăng Hưng
XXE injection - Nguyễn Tăng Hưng
Võ Thái Lâm
XML & XPath Injections
XML & XPath Injections
AMol NAik
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Michael Furman
Php with MYSQL Database
Php with MYSQL Database
Computer Hardware & Trouble shooting
Recommended
XML External Entity (XXE)
XML External Entity (XXE)
Jay Thakker
OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)
Michael Furman
XXE
XXE
n|u - The Open Security Community
XXE injection - Nguyễn Tăng Hưng
XXE injection - Nguyễn Tăng Hưng
Võ Thái Lâm
XML & XPath Injections
XML & XPath Injections
AMol NAik
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Michael Furman
Php with MYSQL Database
Php with MYSQL Database
Computer Hardware & Trouble shooting
Hands-On XML Attacks
Hands-On XML Attacks
Toe Khaing
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
Security Vulnerabilities
Security Vulnerabilities
Marius Vorster
Intro to Web Application Security
Intro to Web Application Security
Rob Ragan
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
Introduction to Metasploit
Introduction to Metasploit
GTU
sqlmap internals
sqlmap internals
Miroslav Stampar
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
Ldap intro
Ldap intro
yousry ibrahim
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE - ATT&CKcon
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
Xml
Xml
Dr. C.V. Suresh Babu
Sql injection
Sql injection
Nitish Kumar
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
EC-Council
Insecure direct object reference (null delhi meet)
Insecure direct object reference (null delhi meet)
Abhinav Mishra
MYSQL - PHP Database Connectivity
MYSQL - PHP Database Connectivity
V.V.Vanniaperumal College for Women
Command injection
Command injection
penetration Tester
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events
WebStackAcademy
Chap 4 PHP.pdf
Chap 4 PHP.pdf
HASENSEID
Xxe xml external entity
Xxe xml external entity
heeraj nair
Domain Specific Languages and C++ Code Generation
Domain Specific Languages and C++ Code Generation
Ovidiu Farauanu
More Related Content
What's hot
Hands-On XML Attacks
Hands-On XML Attacks
Toe Khaing
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
Security Vulnerabilities
Security Vulnerabilities
Marius Vorster
Intro to Web Application Security
Intro to Web Application Security
Rob Ragan
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
Introduction to Metasploit
Introduction to Metasploit
GTU
sqlmap internals
sqlmap internals
Miroslav Stampar
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
Ldap intro
Ldap intro
yousry ibrahim
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE - ATT&CKcon
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
Xml
Xml
Dr. C.V. Suresh Babu
Sql injection
Sql injection
Nitish Kumar
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
EC-Council
Insecure direct object reference (null delhi meet)
Insecure direct object reference (null delhi meet)
Abhinav Mishra
MYSQL - PHP Database Connectivity
MYSQL - PHP Database Connectivity
V.V.Vanniaperumal College for Women
Command injection
Command injection
penetration Tester
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events
WebStackAcademy
Chap 4 PHP.pdf
Chap 4 PHP.pdf
HASENSEID
What's hot
(20)
Hands-On XML Attacks
Hands-On XML Attacks
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
Security Vulnerabilities
Security Vulnerabilities
Intro to Web Application Security
Intro to Web Application Security
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Introduction to Metasploit
Introduction to Metasploit
sqlmap internals
sqlmap internals
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Ldap intro
Ldap intro
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Xml
Xml
Sql injection
Sql injection
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
Insecure direct object reference (null delhi meet)
Insecure direct object reference (null delhi meet)
MYSQL - PHP Database Connectivity
MYSQL - PHP Database Connectivity
Command injection
Command injection
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events
Chap 4 PHP.pdf
Chap 4 PHP.pdf
Similar to XXE - XML External Entity Attack
Xxe xml external entity
Xxe xml external entity
heeraj nair
Domain Specific Languages and C++ Code Generation
Domain Specific Languages and C++ Code Generation
Ovidiu Farauanu
Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault
Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault
Veritas Technologies LLC
BAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocs
BAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocs
Amazon Web Services
Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...
Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...
Amazon Web Services
Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...
Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...
Cisco Canada
Cisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre security
Cisco Canada
Introduction to Cyber Security
Introduction to Cyber Security
Vikram Nandini
intergator as a comprehensive and holistic information management platform
intergator as a comprehensive and holistic information management platform
Eduard Daoud
Document Archiving & Sharing System
Document Archiving & Sharing System
Ashik Iqbal
PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...
PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...
Nicolas Brousse
PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...
PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...
Puppet
veeam_vbo365_short_deck.pptx
veeam_vbo365_short_deck.pptx
FadhilMuhammad80
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018 we make it simple
Cisco Canada
Dennis Wisnowsky Presentation
Dennis Wisnowsky Presentation
Mediabistro
Cloud Storage System like Dropbox
Cloud Storage System like Dropbox
IRJET Journal
X internet framework
X internet framework
Neha Malik
VA_InterConnect2017
VA_InterConnect2017
Canturk Isci
Don't waste you time searching IBM Connections cloud
Don't waste you time searching IBM Connections cloud
mmi-consult
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Denim Group
Similar to XXE - XML External Entity Attack
(20)
Xxe xml external entity
Xxe xml external entity
Domain Specific Languages and C++ Code Generation
Domain Specific Languages and C++ Code Generation
Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault
Fine Tune Your Archive: Best Practices for Optimizing Enterprise Vault
BAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocs
BAP203-Secure File Collaboration and Management Simplified with Amazon WorkDocs
Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...
Say Goodbye to Legacy Network File Shares with Amazon WorkDocs Drive (BAP208)...
Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...
Cisco Connect Toronto 2018 cloud and on premises collaboration security exp...
Cisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre security
Introduction to Cyber Security
Introduction to Cyber Security
intergator as a comprehensive and holistic information management platform
intergator as a comprehensive and holistic information management platform
Document Archiving & Sharing System
Document Archiving & Sharing System
PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...
PuppetConf 2017 | Adobe Advertising Cloud: A Lean Puppet Workflow to Support ...
PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...
PuppetConf 2017: Adobe Advertising Cloud: Lean Puppet Workflow to Support Mul...
veeam_vbo365_short_deck.pptx
veeam_vbo365_short_deck.pptx
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018 we make it simple
Dennis Wisnowsky Presentation
Dennis Wisnowsky Presentation
Cloud Storage System like Dropbox
Cloud Storage System like Dropbox
X internet framework
X internet framework
VA_InterConnect2017
VA_InterConnect2017
Don't waste you time searching IBM Connections cloud
Don't waste you time searching IBM Connections cloud
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
More from Cysinfo Cyber Security Community
Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
Cysinfo Cyber Security Community
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Cysinfo Cyber Security Community
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Cysinfo Cyber Security Community
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
Cysinfo Cyber Security Community
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Cysinfo Cyber Security Community
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
Cysinfo Cyber Security Community
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Cysinfo Cyber Security Community
Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
Cysinfo Cyber Security Community
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
Cysinfo Cyber Security Community
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
Cysinfo Cyber Security Community
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
Cysinfo Cyber Security Community
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
Cysinfo Cyber Security Community
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
Cysinfo Cyber Security Community
Security Analytics using ELK stack
Security Analytics using ELK stack
Cysinfo Cyber Security Community
Linux Malware Analysis
Linux Malware Analysis
Cysinfo Cyber Security Community
Introduction to Binary Exploitation
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
Cysinfo Cyber Security Community
More from Cysinfo Cyber Security Community
(20)
Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
Security Analytics using ELK stack
Security Analytics using ELK stack
Linux Malware Analysis
Linux Malware Analysis
Introduction to Binary Exploitation
Introduction to Binary Exploitation
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
Recently uploaded
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
Fatema Valibhai
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
MyIntelliSource, Inc.
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
shikhaohhpro
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
VitsRangannavar
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
soniya singh
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
Tier1 app
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Wave PLM
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
kalichargn70th171
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
soniya singh
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Christina Lin
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
stazi3110
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
BradBedford3
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
MyIntelliSource, Inc.
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
ICS
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
OnePlan Solutions
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
OPEN KNOWLEDGE GmbH
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
kaushalgiri8080
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
Power Karaoke
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
kotipi9215
Recently uploaded
(20)
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
XXE - XML External Entity Attack
1.
Web Application Security
- Team bi0s © 2017 XXE XML External Entity 25 February 2017 @Team bi0s 1/25 HEERAJ Btech, Third Year, Computer Science Engineering Amrita University
2.
whoami Web Application Security
- Team bi0s © 2017 @Team bi0s ➔ Undergraduate Student @ Amrita ➔ Web Security Enthusiast ➔ CTF{flag_seeker} ➔ @HRJ ➔ ww.i4info.in 2/25
3.
Agenda Web Application Security
- Team bi0s © 2017 @Team bi0s ➔Intro to XML & DTD ➔XML Entity ➔Parsing XML ➔Attacks Vector ➔Demo 3/25
4.
XML Web Application Security
- Team bi0s © 2017 @Team bi0s ➔EXtensible Markup Language 4/25 Picture:123RF.COM
5.
Where it is
used ? Web Application Security - Team bi0s © 2017 @Team bi0s ➔Document Formats ➔Image Formats ➔Configuration Files ➔Network Protocols ➔RSS Feeds … etc . . . 5/25 Picture: c-sharpcorner.com
6.
Document Type Definition Web
Application Security - Team bi0s © 2017 @Team bi0s ➔ References an External DTD ➔ Define structure with the list of legal elements 6/25
7.
XML Entity Web Application
Security - Team bi0s © 2017 @Team bi0s ➔ Entities help to reduce the entry of repetitive information and also allow for easier editing Output: Writer: Donald Duck. Copyright: bi0s. 7/25
8.
XML Entity Web Application
Security - Team bi0s © 2017 @Team bi0s XML Entity Internal Entity External Entity 8/25
9.
Parsing Web Application Security
- Team bi0s © 2017 @Team bi0s ➔ Character other than < , > , & , ‘ , “ all are parsable. ➔ PCDATA is text that will be parsed by a parser. Tags inside the text will be treated as markup and entities will be expanded. ➔ CDATA is text that will not be parsed by a parser. 9/25
10.
Attack’s Possible Web Application
Security - Team bi0s © 2017 @Team bi0s ➔ LFI ➔ SSRF ➔ Internal scans ➔ Denial of Service ➔ Rce (Not Always!!!) 10/25
11.
Attack Vectors Web Application
Security - Team bi0s © 2017 @Team bi0s Classic XXE We can view any file which doesn’t contain < , > , & , ‘ , “ as characters. 11/25
12.
12
13.
Direct Feedback Channel Web
Application Security - Team bi0s © 2017 @Team bi0s What if you are Reading Some configuration files? 13
14.
Direct Feedback Channel Web
Application Security - Team bi0s © 2017 @Team bi0s ➔ CDATA very helpful to read web configuration, which contain non parsable characters. But this won’t work !! 14/25
15.
Direct Feedback Channel Web
Application Security - Team bi0s © 2017 @Team bi0s ➔ We have to use Parameter entities ➢ Parameter.dtd 15/25
16.
Out Of Band
Channel Web Application Security - Team bi0s © 2017 @Team bi0s 16/25
17.
Out Of Band
Channel Web Application Security - Team bi0s © 2017 @Team bi0s ➔ No Direct Feedback Channel 17/25 Website: http://web-in-security.blogspot.in/2016/03/xxe-cheat- sheet.html
18.
Billion Laughs Attack
(Simple Denial of Service) Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Works by expansion property (Simple code(<1kb) will expand up to 3 gigabytes of memory. 18/25
19.
Different Protocols Web Application
Security - Team bi0s © 2017 @Team bi0s 19/25
20.
OFFICE OPEN XML Web
Application Security - Team bi0s © 2017 @Team bi0s ➔ Zip archive file containing XML and media files ➔ *.docx , *.xlsx , *.pptx ➔ Developed by Microsoft 20/25
21.
OFFICE OPEN XML Web
Application Security - Team bi0s © 2017 @Team bi0s 21/25 Open XML File Container Document Properties Custom Defined XML Comments WordML/ SpreadsheetML etc Embedded Code/Macros Images, Video, Sound Files Charts
22.
OFFICE OPEN XML Web
Application Security - Team bi0s © 2017 @Team bi0s ➔ General Parsing XML ◆ /_rels/.rels ◆ [Content_Types].xml ◆ Default Main Document ● /word/document.xml ● /ppt/presentation.xml ● /xl/workbook.xml 22/25
23.
Playing With Content
Type Web Application Security - Team bi0s © 2017 @Team bi0s ➔ Server may accept multiple data formats ➔ Results in Json endpoints may be vulnerable to XXE ➔ Content-Type changed to application/xml ➔ JSON has to be converted to XML 23/25
24.
Demo Web Application Security
- Team bi0s © 2017 @Team bi0s 24/25
25.
Solution Web Application Security
- Team bi0s © 2017 @Team bi0s ➢ Don’t reflect the XML back to user ➢ Turn off external DTD fetching ➢ Turn off DTD ➢ Disable External Entity Parsing libxml_disable_entity_loader(true);(PHP) 25/25
Editor's Notes
RSS/xhtml/svg/opendocument/kml/xslt/soap/saml… And Many more are written in XML
Defines the structure, attributes and the legal elements of XML #PCDATA - parsable text data Note defines this must contain to, from, heading,body
Used to include some documents
Public and SYSTEM are the 2 external entities.
Dos( by reading /dev/zero loops
Found Long back in 2002
But this will not work with the above example, we get the error: “XML document structures must start and end within the same entity.”
In the first case it was from same dtd Here we have used different dtd
In the first case it was from same dtd Here we have used different dtd
In the first case it was from same dtd Here we have used different dtd
Google toolbar you can design button using xml, the xxe was in uploading xml
File that are present in the zip archive
File that are present in the zip archive
File that are present in the zip archive
File that are present in the zip archive
Download now