Skip main navigation

Exploitation

This video will take you through an attempt to upload malicious files to a database on the OWASP Juice Shop.
6.8
Welcome back to XML External Entities session. In this second part, we will exploit our intentionally vulnerable application to get access to some sensitive data. We will jump straight to the hands on exploitation, and then move on to the mitigation part.
24.6
We should look for some upload features so that we can upload a malicious XML file. Let’s see what features anonymous users have access to.
43.9
The customer feedback forum does not allow any uploads, and as anonymous users, we don’t have that much features. Let’s sign up for a regular user account.
58.9
Okay, let’s check the same features, but now as authenticated users.
66.3
Customer feedback form remains the same. Complaint is a new feature, and this time, it looks like we will be able to upload some files. Let’s prepare something.
82.5
This is our malicious XML file. We declare an external entity, XXE, whose contents should be loaded from a specific file. This file is where Linux systems store user account information. If XML files are allowed and processed by a vulnerable XML processor, then it should load the file and replace our entity inside the message tag bytes content.
108.2
Let’s open developer tool so that we can inspect network traffic.
134.3
Apparently, XML is not an expectable upload format, but let’s see what happens.
148.1
We’ve got an error message. Let’s inspect it.
161.1
The request includes our XML file content, and the response shows an error message.
177.2
It looks like our XML file content is partially returned as part of the error message.
191.4
Inside the message tag, we have the content of the passwd file. Let’s see what else we can get from the system.
208.2
Fingerprinting the operating system can be interesting.
238.8
Again, the same HTTP error response.
243.8
We also get the same error message including our XML file content and information about the operating system Juice Shop is running on. We could keep going, gathering content from the server, but let’s move forward. In the third and last part of this session, we will discuss XML external entities mitigation.

This video will take you through an attempt to upload malicious files to a database on the OWASP Juice Shop and show you what information can be gathered from a failed attempt.

Hackers will often try to upload malicious files to databases, either to disrupt the system or to get greater access and data. In this video, you will learn how to upload files to the OWASP Juice Shop. Even when a system is able to reject these files, a hacker can learn a lot about the database that they can use to design their next attack. You will follow the process a hacker might use to upload a file, and you will see everything they can learn.

This article is from the free online

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education