Web App Hacking: Hacking XML Processing

This course helps you understand different types of vulnerabilities in XML processing. You'll learn how to test web applications for various XML processing flaws and how to provide countermeasures for these problems.
Course info
Rating
(14)
Level
Beginner
Updated
Jan 23, 2018
Duration
50m
Description

XML processing is widely used in modern web applications. This course, Web App Hacking: Hacking XML Processing, will teach you how to avoid the severe consequences of insecure XML processing. First, you’ll learn how the attacker can read the content of sensitive files from the web server with an XML External Entity attack (XXE). Next, you’ll discover how the attacker can steal the SecretAccessKey of the application hosted on Amazon Web Services as a result of an XXE attack. Then, you’ll see how the attacker can get a discount in an online store as a result of an XPath injection. After that, you’ll cover how the attacker can steal a user’s password as a result of an XSS attack via XML. Finally, you’ll explore how the attacker can upload an XML-based image (SVG) and steal some sensitive data from a user as a result of an XSS attack via SVG. By the end of the course, you'll know how to test web applications for various XML processing flaws and how to provide countermeasures for these problems.

About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Dawid. Welcome to my course Web App Hacking: Hacking XML Processing. I am a security instructor, researcher, and bug hunter. In this course I will discuss different types of vulnerabilities in XML processing. You will learn how to test web applications for various XML processing flaws and how to provide countermeasures for these problems. First, I will discuss an XML External Entity attack, in short XXE. I will explain how this attack works, and I will demonstrate how the attacker can read the content of sensitive files from the web server with this attack. Then I will go deeper into an XXE attack, and I will present another powerful attack. I will show you how the attacker can steal the secret access key of the application hosted on Amazon Web Services as a result of an XXE attack. Next I will discuss an XPath Injection. I will explain how an XPath Injection works, and I will demonstrate how the attacker can get a discount in an online store as a result of this attack. After that, I will show you how the attacker can launch an XSS attack via XML. You will learn how this attack works, and you will see how the attacker can steal a user's password as a result of this attack. And finally, I will present how the attacker can launch an XSS attack via SVG. This attack is very interesting because it allows the attacker to upload an XML-based image and steal some sensitive data from a user. By the end of the course, you will know how to test web applications for various XML processing flaws, and you will also know how to prevent these problems from happening. I hope you will join me on this journey to learn about attacks on XML processing with the Web App Hacking: Hacking XML Processing course at Pluralsight.

XXE Attack
In this module I will discuss an XXE attack. XXE stands for XML External Entity. First, I will explain how an XXE attack works, and then I will present how the attacker can read the content of sensitive files from the web server with this attack. What's more, I will show you a demo, and in the demo you will see how the attacker can steal the credentials to the database from the database configuration file as a result of this attack. And finally, I will tell you how to prevent this attack from happening.

Going Deeper into an XXE Attack
In this module I will go deeper into an XXE attack. You will learn how the attacker can steal the secret access key of the application hosted on Amazon Web Services as a result of an XXE attack. Nowadays, web applications are often hosted in the cloud, and if your web application is hosted on Amazon Web Services, then this attack will be very interesting for you.

XPath Injection
In this module I will discuss an XPath injection. XPath stands for XML Path Language, and it is used for selecting data from an XML file. What I will discuss first in this module is how an XPath Injection works, and then I will demonstrate how the attacker can get a discount in an online store as a result of an XPath Injection. This is a nice example showing how the attacker can get a profit by changing the logic of the underlying XPath query.

XSS via XML
In this module you will learn how the attacker can launch an XSS attack as a result of insecure processing of an XML file. XSS stands for cross-site scripting. This is a very dangerous attack because it allows the attacker to do arbitrary scripting. What I will discuss first in this module is how an XSS attack works. Then I will explain how the attacker can launch an XSS attack as a result of insecure processing of an XML file. And finally, I will demonstrate how the attacker can steal a user's password as a result of this attack.

XSS via SVG
In this module you will learn how the attacker can launch an XSS attack via SVG. SVG is an XML-based graphical file format. What I will explain first in this module is why an SVG file is interesting from the attacker's point of view. Then I will show you how the attacker can launch an XSS attack as a result of insecure processing of an SVG file. And finally, I will demonstrate how the attacker can steal a user's session ID as a result of this attack.