SUMMARY.md +2 −1 Original line number Diff line number Diff line Loading @@ -42,13 +42,14 @@ * [Attacking the System](lead_to_compromise.md) * [Local File Inclusion](local_file_inclusion.md) * [Remote File Inclusion](remote_file_inclusion.md) * [Directory Traversal Attack](directory-traversal-attack.md) * [Hidden Files and Directories](web-scanning.md) * [SQL-Injections](sql-injections.md) * [Nosql-Injections](nosql-injections.md) * [XML External Entity Attack](xml_external_entity_attack.md) * [Bypass File Upload Filtering](bypass_image_upload.md) * [Exposed Version Control](exposed_version_control.md) * [Failure to Restrict URL Access](failure-to-restrict-url-access.md) * Directory Traversal Attack * [Attacking the User](attacking_the_user.md) * [Clickjacking](clickjacking.md) * [Broken Authentication or Session Management](broken_authentication_or_session_management.md) Loading
directory-traversal-attack.md 0 → 100644 +6 −0 Original line number Diff line number Diff line ## Directory Traversal Attack When the attacker is able to read files on the filesystem. Differ from LFI in the aspect that LFI can execute code, while a Directory Traversal Attack cannot.
xml_external_entity_attack.md +14 −2 Original line number Diff line number Diff line Loading @@ -44,8 +44,6 @@ Example of valid XML: * Whitespace is perserved in XML ### Attack So if an application receives XML to the server the attacker might be able to exploit an XXE. An attack might look like this: Loading @@ -61,3 +59,17 @@ The elemet can be whatever, it doesn't matter. The xxe is the "variable" where t In php-applications where the expect module is loaded it is possible to get RCE. It is not a very common vulnerability, but still good to know. ``` <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "expect://id" >]> <creds> <user>&xxe;</user> <pass>mypass</pass> </creds> ```
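Review bot: in the SUMMARY.md hunk (@@ -42,13 +42,14 @@), Directory Traversal Attack is listed twice, once as the linked entry `[Directory Traversal Attack](directory-traversal-attack.md)` after Remote File Inclusion and once as a bare `* Directory Traversal Attack` after Failure to Restrict URL Access. The rendered view has lost the +/- markers, so please confirm the bare entry is the removed line. If it is still present after the change, delete it so the chapter appears once and every entry under Attacking the System is a link.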
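Review bot: the new directory-traversal-attack.md opens with a sentence fragment ("When the attacker is able to read files on the filesystem.") and "Differ from LFI" should read "Differs from LFI". Suggested wording: "A directory traversal attack lets the attacker read files on the filesystem. It differs from LFI in that LFI can execute code, while a directory traversal attack cannot." Since the definition leans on LFI, link local_file_inclusion.md from this sentence so the reader can follow the comparison.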
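Review bot: in the block added by the second xml_external_entity_attack.md hunk (@@ -61,3 +59,17 @@), the DTD declares `foo` (`<!DOCTYPE foo [` and `<!ELEMENT foo ANY >`) while the document root is `<creds>`, so the sample is not internally consistent; rename one to match the other. The fence carries no language tag, so tag it as xml to match the content. The context lines around both hunks contain "elemet" and "perserved", which are worth correcting in the same commit. The new paragraph says when RCE is possible but stops there; one sentence on disabling external entity resolution in the parser would give the reader the fix alongside the finding.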