Collaborate Disseminate
If you Google for an example of XXE injection you get something like this:
<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM “file:///dev/random” … Continue reading XML External Entity injection within the body of a document
The normal threat model that I see with password hashing is as a kind of defense against if the hash somehow leaks to the wider world. In practice, this appears to usually be via some manner of database breach that ends up wi… Continue reading What is the risk of an attacker inserting new password hashes?
I just had a random occurrence when I went to one of my hosted websites, and saw the page was broken.
We host several domains at this IP, but one domain is actually in the server’s webroot directory, inside are all the direc… Continue reading Trying to figure out if I was hit by an obscure exploit attempt of some kind
How would you read a large file by exploiting an XXE OOB vulnerability through HTTP? The file is very large and exceeds the limit of the URL (2048 characters). Any ideas?
I heard this story about two years ago. Some hacker/digital artist collective who had a bit of code in the title of their book, so that that code was executed by the book store websites. Also they had a webpage which was real… Continue reading Who caused errors in book selling sites by having code in book title
I installed Oxid eShop CE 6.0.2 on my local webserver to analyze the last SQL-injection vulnerability in this webapp.
I found out that it is possible to inject SQL via the sorting parameter (GET). So with the following URL, … Continue reading Exploiting SQL-Injection Vulnerability in Oxid eShop CE 6.0.2 with SQLMAP [on hold]
Is it possible to extract CSRF-token by using inline-CSS injection (inside style attribute)? (It seems to be impossible, because it is not possible to define CSS classes inside attributes.)
<p style=<?php echo htmlsp… Continue reading CSS injection: Extract CSRF-token by using inline-css injection
During a penetration test, I found server side template injection in a Django application that sends templated emails. As far as I can tell, apart from some sensitive information disclosure (thanks to {% debug %} ) and the po… Continue reading Can server side template injection lead to RCE or other severe consquences in Django?
I’ve been reading up on XXE Injection, and so far every example I’ve seen has involved a webserver voluntarily loading xml external entities (as below).
<?php
libxml_disable_entity_loader (false);
$xmlfile = file_get_co… Continue reading Why Would A Web Server Allow Loading XML External Entities?
I developed an application using CodeIgniter and used some libraries from the composer.
So my Vendor directory was in the root directory of this application.
And attacker attacked phpunit/scr/php/util/ directory and injected… Continue reading Codeigniter Site hacked