100 Most Popular Courses For October

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

FileCry - The New Age of XXE

Black Hat via YouTube

Start learning Write review

Overview

Explore a Black Hat conference talk delving into critical Xml eXternal Entities (XXE) vulnerabilities in enterprise software. Discover two zero-day exploits affecting Java servers and Internet Explorer, allowing arbitrary file exfiltration and Same Origin Policy bypass. Learn about finding and exploiting these vulnerabilities, as well as prevention strategies. Gain insights into defending against external entities, understanding resolvers, nested exceptions, and disabling protocols. Examine browser history vulnerabilities, quirks mode exploitation, XML parsing techniques, and payload creation. Analyze limitations, parse errors, and cookie file enumeration. Understand who is vulnerable and stay updated on this critical security issue.

Syllabus

Introduction
Defending Against External Entities
External Entities
ZeroDay
Resolvers
Nested Exception
Cause Exception
Exception
ASP
Disable External Entities
Parsers
Disable Protocols
What are we targeting
Browser history
Vulnerability trigger
quirks mode
vulnerable mode
how to parse XML
how to exploit the vulnerability
payload
parse
bypass similar policies
example
click on link
second demo
limitations
parse error
cookie files
enumerate
extra treat
who is vulnerable
update
conclusions
Thank you
Questions

Taught by

Black Hat

Reviews

Start your review of FileCry - The New Age of XXE

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.