Skip to main content

Posts

Showing posts from March, 2024

Insecure Deserialization Cheatsheet

 Any class that implements the interface java.io.Serializable can be serialized and deserialized. If you have source code access, take note of any code that uses the readObject() method, which is used to read and deserialize data from an InputStream. The native methods for PHP serialization are serialize() and unserialize(). If you have source code access, you should start by looking for unserialize(). Basic Serialization - look for cookies with base64 encoded or some kind of searialzed you can update the admin;b:0 to admin;B:1 --> which makes us admin PHP - Exploiting Data Types - Look for cookies and any other serialized values - Update the user value or the username to any user - if required update the access token, serialize it and try to access unauthorized data Example Update the data from O:4:"User":2:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:"msai659yp7cfu0magd7vm3siq9ls2cld";} to O:4:"User":2:{s:

XML External Entities - XXE Cheatsheet

 XML External Entity (XXE) attacks are a type of security vulnerability that exploit weaknesses in the processing of XML data. These attacks occur when XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing an attacker to access the file system, carry out server-side request forgery (SSRF), or even execute remote code. XXE vulnerabilities arise due to dangerous features in the XML specification, which are often enabled in standard parsers. Attackers can leverage these features to perform actions like viewing sensitive files, interacting with back-end systems, or escalating the attack to compromise servers. Preventing XXE requires secure coding practices, such as disabling external entities and using fewer complex data formats. XXE Detection Request Body contains ' <?xml version="1.0" encoding="UTF-8"? >' Content Type header is 'text/xml' Basic XXE - add it in the request parameters <