So hello everyone and welcome to in Cyprus, and this is the fourth video for the OWASP Top Ten. Now we are dealing with the fourth most critical vulnerability that has been chosen by the security researchers from all over the world, and that is XXE, that is XML External Entities. So as the name stands, you must be knowing that this has something to do with XML, right? So right now, actually, for this type of vulnerability it will be really better if you can just look at the syntax of XML, the basic syntax, the DTD and the basic syntax; it will be better to understand it after that.

Now if you have gone through that, then where should you actually look to find this kind of vulnerability? Actually, if the application accepts XML directly or in any form, you can insert any data, malicious code, inside the XML document, which is then weakly parsed by some weak XML processor, okay? It doesn't sanitize the input or doesn't filter anything; then that can be vulnerable to XXE attacks. Then there are SOAP based web services, okay? Actually these SOAP based web services are generally based on XML, okay, on XML, so this can be vulnerable if the SOAP version is prior to 1.2, okay? And actually this kind of attack, like the XXE attack, can really lead to a DoS attack. You must have heard the name DoS, denial of service attacks, which can totally break the whole system, and the normal user won't be able to access the application for that time.

Now as I was telling about the DoS and everything, here is a simple example. Actually this is a simple XML syntax. So as you can see, this is where we give a DTD and everything, and here is the code by which I am trying to get /etc/passwd from the server, okay? If the application is vulnerable to XXE injection then this code will give us the whole password file; it can be a hash or any file, but it will give it to us from the server which we are attacking or trying to. Or just a simple replacement of this /etc/passwd file with the /dev/random file can perform a DoS attack, because the /dev/random file can be potentially endless, okay? So many, many requests will be sent to the server and as a result the server won't be able to take so many requests, and this is how a DoS attack will take place.

Then let's see an example on WebGoat, okay? So I have already told you how to start with WebGoat and all. Now for this actually you will need WebGoat and Burp Suite also, okay? Burp Suite is, well, any app will do in which you can intercept the request, actually. So if you have the same version of WebGoat as mine, you can see in Parameter Tampering there is a mission for XML External Entities, XXE. Now actually what the problem says is that you are searching for a ticket from Boston for a well-deserved holiday. This is the code: try to search for a ticket, try to find a flaw in the search form and list the root directory of the operating system. What it means is you have to get the root directory. It's already telling us that it is vulnerable to XML injection, or you can think by seeing: if I try to search the form by giving Boston, and then see Burp Suite, then when you see the request, so this is actually the request which is being sent, okay? Now let's send it to the Repeater, okay? You know what the Repeater is: we can see the request and response both inside it.

So here it is saying this is the XML portion, and this is the code, okay, the DTD, document type definition. It's another DTD; now you can change that according to your needs. So here is the XML code which I have written, okay? Now actually you can just cut it from here and then paste the code here. Now what it will do: it will give you the directory listing of the whole operating system of the server, okay? Now if you are a little bit creative and you want to see /etc/passwd, then you can just change it to like this, passwd, okay, and it will give you, you know, when you see, it's giving us the whole /etc/passwd file like we can see in our Linux operating system or anything, okay? In this way this XML injection works: you inject the XML code and it will give you some access to different sensitive files. It can give, see, it is a very sensitive file for the server actually, this file; it's a passwd file, and we can see, so it's really bad for the company.

Now coming back to the slides, the possible remediations. Now as you can see it's an input based attack, then the most probable thing to do is to do whitelisting or some input validation, okay? Filtering should also be done; don't go for blacklisting of different, what to say, payloads or different kinds of words, because that won't help, so whitelisting is good. Disable DTD in all XML parsers; the major factor for XML attacks is due to the weak parsing of the XML parsers, okay? So in this case disable DTD, document type definition. Then upgrade to the latest XML processors and upgrade SOAP to the latest version, as I already told: SOAP comes out with different patches and fixes, so keep it upgraded, because it is totally based on XML.

Now for additional resources you can check these two websites; these are both from OWASP actually, and here OWASP has written very clearly on how you can do XXE attacks. As I already told at the start of the video, you should have a little knowledge of XML; the language is not so different from HTML, it's just a new language, so just get the basic syntax, okay, the basic syntax and what DTD is, and you will be good to go for finding this type of vulnerability and this type of attack. So this is all for this video; hope this helps, so subscribe to our channel, and wish you very good luck. Till then, keep...
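As an added example, not code from the video or from WebGoat: the remediation the video ends on, "disable DTD in all XML parsers", shown at the parser level in Python. The parser below is built on the standard-library expat bindings and aborts at the first DOCTYPE or entity declaration, so no entity, internal or external, is ever declared, let alone resolved against the file system. The two sample request bodies (a plain flight search, and one carrying the DOCTYPE-with-external-entity shape the video describes) are constructed for this demo.

```python
"""Added example (not from the video or WebGoat): an XML parser with DTDs
disabled, which is the remediation the video recommends.  Standard-library
expat only; the sample documents at the bottom are constructed."""
import xml.parsers.expat


class DtdNotAllowed(ValueError):
    """Raised when a document carries a DOCTYPE or an entity declaration."""


def parse_without_dtd(xml_text: str) -> dict:
    """Parse xml_text and return {leaf element name: text}.

    Any DOCTYPE or entity declaration aborts parsing, so nothing in the
    document can ever point the parser at a local file or a URL.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Never load external parameter entities (the classic XXE vector).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    leaves = {}
    stack = []  # [name, accumulated text] for each open element

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE '{name}' rejected: DTDs are disabled")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Belt and braces: even an internal entity declaration is rejected.
        raise DtdNotAllowed(f"entity '{name}' rejected: DTDs are disabled")

    def on_external_entity(context, base, sysid, pubid):
        # Returning 0 makes expat fail the parse instead of opening sysid.
        return 0

    def on_start(name, attrs):
        stack.append([name, ""])

    def on_chars(data):
        if stack:
            stack[-1][1] += data

    def on_end(name):
        tag, text = stack.pop()
        if text.strip():
            leaves[tag] = text.strip()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.EndElementHandler = on_end
    parser.Parse(xml_text, True)
    return leaves


def accepts(xml_text: str) -> bool:
    """True if the body parses under the no-DTD policy, False otherwise."""
    try:
        parse_without_dtd(xml_text)
        return True
    except (DtdNotAllowed, xml.parsers.expat.ExpatError):
        return False


# Constructed sample bodies for a flight-search request like the lesson's.
BENIGN_SEARCH = "<search><from>Boston</from><to>Berlin</to></search>"
# The shape of payload the video describes: a DOCTYPE declaring an external
# entity that points at a local file, then a reference to it in the body.
XXE_SEARCH = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE search [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    "<search><from>&xxe;</from></search>"
)

if __name__ == "__main__":
    print(parse_without_dtd(BENIGN_SEARCH))  # {'from': 'Boston', 'to': 'Berlin'}
    print(accepts(XXE_SEARCH))               # False
```

Rejecting the document at the DOCTYPE is stricter and simpler than trying to resolve entities "safely": a search form has no business shipping a DTD, so the policy costs nothing for legitimate traffic and removes the whole class of file and URL fetches. In real services the same policy is normally applied through a library that does this for you, such as defusedxml, or lxml's XMLParser with resolve_entities=False; the handler-level version here just makes visible where the decision is taken.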