· XML today
· XML/XPath injection – Demo
· Compiled XPath queries
· DTD use and abuse
– document validations
– entity expansions
– denial of service – Demo
– arbitrary URI access (egress)
– file enumeration and theft – Demo
– CSRF on internal systems – Demo?
· Framework defaults limits/restrictions
· Lessons learned
· Verifying your XML systems for potential threats
1. All topics include sample code for exploits and prevention, and are language (C#, Java, PHP) and platform (Windows/Linux) agnostic wherever possible.
2. It is imperative at this juncture that you are aware of most attack scenarios against XML: the framework defaults may not protect you, so you may be vulnerable and simply not have found it yet.
3. The session is somewhat biased towards DTD abuse in XML systems, as the injection concepts and remediation in XML are largely the same as for SQL injection.