Fun with Exploiting XML External Entity Expansion presented at SourceDublin 2015

by Georg Chalupar

Summary: In some cases, XXE (XML External Entity) processing vulnerabilities allow an attacker to obtain directory listings and download files from a vulnerable server. This talk outlines what XXE is, some differences between platforms (Java, .NET, PHP, etc.) and their vulnerabilities.
The talk will then present a tool to automate the process of retrieving directories from vulnerable systems for further analysis. Usage scenarios for the tool, its implementation and related caveats will be covered. The talk will conclude with recommendations on how organisations can protect themselves against XXE related attacks.
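The abstract ends by pointing at protective recommendations without stating them. As an added illustration (not code from the talk or its author), the following Python example shows the standard mitigation in practice: configure the XML parser so that any DTD, entity declaration or external entity reference is refused before it can be expanded. The function name `parse_untrusted_xml`, the `UnsafeXMLError` class and the two sample documents are assumptions constructed for this example; the parser handlers are the documented ones of the standard-library `xml.parsers.expat` module.

```python
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document tries to use DTD features."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source, refusing any DTD machinery.

    Returns a flat mapping of leaf element name -> text, which is enough
    to show what the hardened parser does with each input.
    """
    parser = xml.parsers.expat.ParserCreate()
    result = {}
    buf = []

    # Defence in depth: the DOCTYPE handler already stops every DTD, but the
    # entity handlers would still catch declarations/references if a caller
    # ever relaxed the first check.
    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE declaration rejected: {doctype_name!r}")

    def reject_entity_decl(entity_name, is_parameter_entity, value, base,
                           system_id, public_id, notation_name):
        raise UnsafeXMLError(f"entity declaration rejected: {entity_name!r}")

    def reject_external_ref(context, base, system_id, public_id):
        raise UnsafeXMLError(f"external entity reference rejected: {system_id!r}")

    def start_element(name, attrs):
        buf.clear()

    def end_element(name):
        text = "".join(buf).strip()
        if text:
            result[name] = text
        buf.clear()

    def character_data(text):
        buf.append(text)

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.Parse(data, True)
    return result


def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document as unsafe."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed sample inputs (not from the talk).
BENIGN_DOC = b"<order><id>42</id><item>widget</item></order>"
# A document carrying an internal DTD subset with an external entity that
# points at an obviously fake placeholder path.
DTD_DOC = (b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///example/not-real">]>'
           b"<order><id>&ext;</id></order>")

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_DOC))   # {'id': '42', 'item': 'widget'}
    print(is_rejected(DTD_DOC))              # True
```

The benign order document parses normally, while the document that opens with a DOCTYPE is refused at the declaration itself, so no entity, internal or external, is ever resolved. Refusing DTDs outright is simpler and safer than trying to whitelist entity kinds, and it also closes the entity-expansion denial-of-service variants that pure "no external entities" settings leave open.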