Overview
Explore a Black Hat conference talk delving into critical XML eXternal Entities (XXE) vulnerabilities in enterprise software. Discover two zero-day exploits affecting Java servers and Internet Explorer, allowing arbitrary file exfiltration and Same Origin Policy bypass. Learn about finding and exploiting these vulnerabilities, as well as prevention strategies. Gain insights into defending against external entities, understanding resolvers, nested exceptions, and disabling protocols. Examine browser history vulnerabilities, quirks mode exploitation, XML parsing techniques, and payload creation. Analyze limitations, parse errors, and cookie file enumeration. Understand who is vulnerable and stay updated on this critical security issue.
Syllabus
Introduction
Defending Against External Entities
External Entities
ZeroDay
Resolvers
Nested Exception
Cause Exception
Exception
ASP
Disable External Entities
Parsers
Disable Protocols
What are we targeting
Browser history
Vulnerability trigger
quirks mode
vulnerable mode
how to parse XML
how to exploit the vulnerability
payload
parse
bypass similar policies
example
click on link
second demo
limitations
parse error
cookie files
enumerate
extra treat
who is vulnerable
update
conclusions
Thank you
Questions
Taught by
Black Hat