Love thy scripture – XXE

Categories
Injection, pentest, WAAS, Web Attacks, webdev

XXE (XML External Entity) injection is a common type of injection that occurs in applications which fail to sanitize XML input; this is particularly common in web services. The XML input to a web service can be considered a description of data, so that two systems have a common language in which to communicate with […]

Clouded Flaws

Categories
Uncategorized, WAAS, Web Attacks, webdev

This is a simple discussion based on the demo done at Barcamp 2014. This writeup is based on the problems faced in the implementation of a majority of cloud-based systems, especially those offered as SaaS. Some of the issues highlighted here are: session management failures, poor coding practices (non-secure SDLC), failed business continuity […]

XAMPP 1.7.3 Heisting

Categories
Uncategorized, WAAS, Web Attacks

Due to the increase in web application data exfiltration, it would be prudent to show a simple scenario in which this kind of attack could be carried out; this is to show a vulnerability in the WebDAV service on XAMPP 1.7.3. Let’s assume the setup below as a simple lab: a banking system application in PHP hosted on […]