Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only T&Cs apply

Find out more

Exploitation

This video will take you through an attempt to upload malicious files to a database on the OWASP Juice Shop.
6.8
Welcome back to XML External Entities session. In this second part, we will exploit our intentionally vulnerable application to get access to some sensitive data. We will jump straight to the hands on exploitation, and then move on to the mitigation part.
24.6
We should look for some upload features so that we can upload a malicious XML file. Let’s see what features anonymous users have access to.
43.9
The customer feedback forum does not allow any uploads, and as anonymous users, we don’t have that much features. Let’s sign up for a regular user account.
58.9
Okay, let’s check the same features, but now as authenticated users.
66.3
Customer feedback form remains the same. Complaint is a new feature, and this time, it looks like we will be able to upload some files. Let’s prepare something.
82.5
This is our malicious XML file. We declare an external entity, XXE, whose contents should be loaded from a specific file. This file is where Linux systems store user account information. If XML files are allowed and processed by a vulnerable XML processor, then it should load the file and replace our entity inside the message tag bytes content.
108.2
Let’s open developer tool so that we can inspect network traffic.
134.3
Apparently, XML is not an expectable upload format, but let’s see what happens.
148.1
We’ve got an error message. Let’s inspect it.
161.1
The request includes our XML file content, and the response shows an error message.
177.2
It looks like our XML file content is partially returned as part of the error message.
191.4
Inside the message tag, we have the content of the passwd file. Let’s see what else we can get from the system.
208.2
Fingerprinting the operating system can be interesting.
238.8
Again, the same HTTP error response.
243.8
We also get the same error message including our XML file content and information about the operating system Juice Shop is running on. We could keep going, gathering content from the server, but let’s move forward. In the third and last part of this session, we will discuss XML external entities mitigation.

This video will take you through an attempt to upload malicious files to a database on the OWASP Juice Shop and show you what information can be gathered from a failed attempt.

Hackers will often try to upload malicious files to databases, either to disrupt the system or to get greater access and data. In this video, you will learn how to upload files to the OWASP Juice Shop. Even when a system is able to reject these files, a hacker can learn a lot about the database that they can use to design their next attack. You will follow the process a hacker might use to upload a file, and you will see everything they can learn.

This article is from the free online

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now