Day 9/100 Hack and Improvement

1 minute read

About to achivive the first 10 days of #100daysofhackandimprove! Today, day 9 brings some brief analysis among XXE vulnearbilities and Insecure Direct Object Reference (IDOR). Enjoy!

Insecure Object Refernce (IDOR)

From Rajesh Ranjan, IDOR stands for Insecure Direct Object Reference is a security vulnerability in which a user is able to access and make changes to data of any other user present in the system. It has been placed fourth on the list of OWASP Top 10 Web application security risks since 2013. This attack is likely to occur when the internal implementation object, without any validation mechanism which allows attackers to manipulate these references to access unauthorized data.

Writeup for Second order IDOR

So I was checking Medium today, and found an amazing writeup about second level IDOR. A big shoutout to Ozgur Alp. In this writeup he has explained, how he was able to manipulate a receipt generation system of a Banking Application. Here is the link of that writeup.

XML External Entity (XXE)

From Sam (CoffeeJunkie), Attacker can exploit how an application parses XML by taking advantage of XEE, you can use XXE vulnerabilities to extract information from a server or to call a malicious server. This is an example of an XML language that a web application might allow us to submit.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ELEMENT foo ANY >
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
   ]
   >
 <foo>&xxe;</foo>

Write Up and explanation

READ ACCESS TO GOOGLE

  • The attacker by using Google dorking, he found a system called Google Toolbar button gallery.
  • After pocking around in the web app, the attacker found a feature that allows to create your own buttons by uploading XML files.
  • Once the attacker saw the options, he uploaded a XML file in order to read the folder /etc/passwd in the target system.

nmap scan

Conclusions

Vulnerabilites bring a big scope, in the case of IDORs, with its parameters, and in the case of XXE, witht the input and information that the server is able to take.

Leave a comment