Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files

Name: Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files
Uploaded: 2023-07-16T16:21:25Z
Channel: IppSec
Description: 00:00 - Introduction, why I created this script and a quick demo 01:00 - Going over XML Entity Injection, doing it manually and explaining what the payl...

IppSec · Beginner ·💻 AI-Assisted Coding ·2y ago

00:00 - Introduction, why I created this script and a quick demo 01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are 05:30 - Sponsor shoutout, showing Snyk scan the source code to this application and catching the XXE 06:30 - Patching the code, asking Github Copilot for a proper way to fix it and it recommends disabling loading XML Entity off remote sources 09:55 - Making sure Snyk is happy with our code fix and going over some other findings 11:04 - Start of coding the XXE Script, creating the webserver 16:40 - Putting our webserver in a thread so…

Watch on YouTube ↗ (saves to browser)

Chapters (18)

Introduction, why I created this script and a quick demo

1:00 Going over XML Entity Injection, doing it manually and explaining what the pay

5:30 Sponsor shoutout, showing Snyk scan the source code to this application and ca

6:30 Patching the code, asking Github Copilot for a proper way to fix it and it rec

9:55 Making sure Snyk is happy with our code fix and going over some other findings

11:04 Start of coding the XXE Script, creating the webserver

16:40 Putting our webserver in a thread so we can also run a CLI

18:30 Talking about how and why we are just going to use a global variable with our

19:20 Having our terminal able to update the payload variable, so we can easily chan

22:30 Creating a function to read an HTTP Request copied from Burp, so we can use it

29:28 Testing out our function, and discovering we need to fix the path

33:20 The skeleton of the script is done, adding in the logic to actually perform th

38:15 Running our script and fixing up a few bugs

40:44 Fixing up where we placed the file in our XXE Payload

42:15 Adding comments in our code as we glance over it

43:30 Adding some login in our script to tell the python server it is base64, which

47:30 Adding argparse to our program, so we can get rid of hard coded variables

50:50 Parsing the LHOST variable from the request file we have, so the server will s

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →