What You Didn't Know About XML External Entities Attacks - Timothy Morgan
The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. Certain features built into the design of XML, namely inline schemas and document type definitions (DTDs), are a well-known source of potential security problems. Despite being publicly discussed for more than a decade, a significant percentage of software using XML remains vulnerable to malicious schemas and DTDs. This talk will describe a collection of techniques for exploiting XML external entities (XXE) vulnerabilities, some of which we believe are novel. These techniques can allow for more convenient file content theft, sending of arbitrary data to arbitrary internal TCP services, uploads of arbitrary files to known locations on a vulnerable system, as well as several possible denial of service attacks. We hope this talk will raise awareness about the overall risk associated with XXE attacks and will provide recommendations that developers and XML library implementors can use to help prevent these attacks.