Advanced XXE Exploitation Exercise 2: External DTD …...Burp Suite Professional VI .7.37 -...

Preview:

Click to see full reader

Citation preview

Advanced XXE ExploitationExercise 2: External DTD (App port 8022)

Philippe ArteauGoSecure Countertack

19/06/2019Slides: http://bit.ly/xxeparis

http://bit.ly/xxeparis

Direct response from XXE

Not ideal In some case, you might have no response

Side-Channel XXE with external DTD

XML

Request DTD

Request FTP

XML payload

DTD host over HTTP

XML payload

FTP service

Edit FTP to have something unique

In real test, you should test using :- 443- 80- 21

1. Send XML payload

2. DTD is loaded!

3. FTP URL is evaluated!

Putting the pieces together

Using repeater efficiently with HackVertor

Using the fake FTP server interactivelly

Bonus:Try to get RCE on the server

QuestionS ?

Contactparteau@gosecure.cagosecure.net/blog/@h3xStream @GoSecure_Inc

Recommended

Cloud Platform 2.21 API Release Notes - Qualys · With our new Burp API, you can now import Burp scan reports and store the findings discovered by the Burp Suite scanner with those
Documents
Burp Suite Starter
Technology
GoSecure Student Travel Insurance Policy Wording...GoSecure – Student Travel Insurance Policy Wording Scope of Cover This is your GoSecure Student Travel Insurance Policy. It tells
Documents
Burp Suite Pro Real-life tips & tricks - Agarri · Burp Suite Pro Real-life tips & tricks Nicolas Grégoire. ... Magic combo: Nikto Burp FuzzDB ... Misc Custom Logger, Burp Notes,
Documents
Zap vs burp
Software
Julia Ray Bib & Burp Collection, 2013
Documents
Bath Burp 9
Documents
GoSecure Inc. 03/07/2007 · 2017. 6. 13. · GoSecure Inc. 03/07/2007 3 Google Search Technique – Just put the word and run the search You need to audit your Internet presence –
Documents
TUTORIAL B - Flannel Burp Cloth
Documents
Burp N Baby
Design
Pentesting Using Burp Suite
Documents
Saluting the Salubrious Burp: The Burp that Healed, by Pieter Uys
Documents
NEST Kali Linux Tutorial: Burp Suitenest.unm.edu/files/9413/8379/7983/burpsuite.pdf · NEST Kali Linux Tutorial: Burp Suite “Burp gives you full control, letting you combine advanced
Documents
AppSec USA 2015: Customizing Burp Suite
Technology
THE GOSECURE EMAIL SECURITY PLATFORM · and provides an automated process for employees to report suspicious emails to the GoSecure Threat Detection Center—alleviating helpdesk
Documents
Bath Burp Issue 10
Documents
Definitive Guide to PENETRATION TESTING - Core Sentinel · Burp Suite. Burp is a web application intercepting proxy which is Burp is a web application intercepting proxy which is
Documents
Extending Burp with Python
Documents
Automation of Web Application Scanning with Burp …...Why Burp Suite? 5 Burp Suite - GUI proxy server for manual analyse of HTTP and Websocket protocols › Everyone in our team uses
Documents
Burp Suite Pro - Hack In Paris · Burp Suite Pro Real-life tips & tricks Nicolas Grégoire. ... Magic combo: Nikto Burp FuzzDB ... Misc Custom Logger, Burp Notes,
Documents