PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc ....

Date post:	26-Oct-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

Download Report this document

Share this document with a friend

Embed Size (px):

Advanced XXE Exploitation Exercise 3: PHP filter encoding (App port 8023) Philippe Arteau GoSecure Countertack 19/06/2019 Slides: http://bit.ly/xxeparis

Transcript

Page 1: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Advanced XXE ExploitationExercise 3: PHP filter encoding (App port 8023)

Philippe ArteauGoSecure Countertack

19/06/2019Slides: http://bit.ly/xxeparis

http://bit.ly/xxeparis

Page 2: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Page 3: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Allow the extraction of binary file

SVN metadata(older version : .svn/entries)

Page 4: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

1. Ctrl-Shift-B

2. Grep or Open in SQLite Other file versionned

Page 5: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Use the same method use to read SVN metadata to read this PHP file

Page 6: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Page 7: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Page 8: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

Can you find how to get RCE using the PHP script?

Page 9: PHP filter encoding2019/06/19 · atom in a few seconds Edit View Language Logout / .svn/wc . Control Panel XML File 2 4 6 16 feed [ xxe SYSTEM < feed> " php: / / filter/ convert.

QuestionS ?

[email protected]/blog/@h3xStream @GoSecure_Inc

Documents

PHP and MySQL php-mysql PHP and MySQL

Documents

dynaJET - UGSI Chemical Feed · 2018. 6. 21. · it be a centrifuge, belt filter press, clarifier, filter, paper machine, or whatever your process requires, your investment is substantial.

Documents

SecurityPHPApril 2010 : [‹#›] PHP Security. SecurityPHPApril 2010 : [‹#›] Two Golden Rules 1.FILTER external input Obvious.. $_POST, $_COOKIE, etc. Less.

Documents

MENU - The Wholesome Table...Desiccated Coconut Almonds Granola Php 60 Php 70 Php 70 Php 100 Fruit add-ons: Mangoes Banana Blueberries Fresh Strawberries Php 20 Php 40 Php 50 Superfood

Documents

SPECTRUM FILTER - pdfs.semanticscholar.org · al air-scourable multi-media filter. Feed water is dosed with coagulant (polymer for high turbidity feed waters) and flows down through

Documents

KSL - Transfluid - Trasmissioni industriali · KSL variable oil feed system is controlled by a frequency converter ... feed oil filter 12 - lub. oil filter 13 ... GAS TURBINE STARTING

Documents

AVX EMI Filters · 2004-10-08 · 5 FEED-C THRU FILTER L FILTER π FILTER T FILTER Filter Types A feedthru is a low inductance device, acting as a bypass feedthru capacitor to ground.

Documents

Membrane Filtration Handbook - Big Brand Water Filter, Inc.€¦ · Pressure, Either the pressure from the feed pump (standard meaning), or the pressure feed at the inlet to a membrane

Documents

CASE STUDY - TORAY€¦ · Table 1 — Quick Facts Feed source Open intake seawater from the Mediterranean Sea Pretreatment 2-stage sand filter followed by 5-micron cartridge filter

Documents

PHP Development - Introductionmhughes/Lectures/PHPDevelopment1.pdfPHP Development - Introduction . Php Hypertext Processor • PHP stands for PHP: Hypertext Preprocessor • PHP is

Documents

Pop the Feed Filter Bubble: Making Reddit Social Media a ... › research › publications › vr2018.pdf · Pop the Feed Filter Bubble: Making Reddit Social Media a VR Cityscape

Documents

Hybrid RF-Digital Feed-Forward Filter for High-Order ...

Documents

PHP Basics (See PHP on line manual at: PHP - Overview Scripting vs Programming Code Examples – PHP; Perl; JSP PHP Strengths.

Documents

-The Premier Supplier of BWT Expertiseconference9.diorama.gr/images/presentations/Kashif_Javaid.pdf · 2 management. C2E feed water Disinfectant from C2E C2E feed water filter Ballast

Documents

Farmed Fish & shellFish sourcing transparency 2017€¦ · Feed is not required because scallops are filter feeders, which means they filter particles of food from the water column.

Documents

UOP Separex Membrane Technology - Honeywell UOP · PDF fileStandard Pretreatment Filter Coalescer Non-Regenerative Absorbent Bed Feed Particle Filter Heater Membrane ... UOP 5241E-49.

Documents

Education