1
00:00:03,900 --> 00:00:04,450
Hello.

2
00:00:04,740 --> 00:00:13,290
We'll see in this lesson a laboratory concerning the exploitation of vulnerabilities of type XML External

3
00:00:13,290 --> 00:00:25,890
Entities. In the VVWA application from GitHub, I developed this laboratory, accessible through

4
00:00:25,890 --> 00:00:33,420
the XXE lab link, which allows you to understand what this vulnerability consists of and how it can

5
00:00:33,420 --> 00:00:36,780
be mitigated. In the textarea

6
00:00:36,810 --> 00:00:42,780
there is a hypothetical XML document concerning a CD catalog.

7
00:00:44,700 --> 00:00:50,730
And this is what the programmer on the next page

8
00:00:51,970 --> 00:00:54,730
expects to parse.

9
00:00:56,500 --> 00:01:04,790
So by pressing the process button, you can see that on the next page the XML is processed

10
00:01:04,900 --> 00:01:14,800
and its content is printed. Let's go back and see what happens if, instead of sending the correct XML,

11
00:01:15,930 --> 00:01:19,890
you get an XML modified

12
00:01:21,350 --> 00:01:29,820
as follows. This is an example of an XML external entities attack pattern, the theory of which I

13
00:01:29,870 --> 00:01:36,020
explained in the previous lesson, and in this attack pattern

14
00:01:36,440 --> 00:01:42,980
I have also prepared the possibility of accessing an external entity, specifically a file on the web

15
00:01:42,980 --> 00:01:44,450
server's file system.

16
00:01:45,370 --> 00:01:51,340
So the XML parser, if poorly configured, will load the data from the indicated path.

17
00:01:52,720 --> 00:01:58,660
So let's see then, with this pattern, making it process on the next page, what happens.

18
00:01:59,800 --> 00:02:02,290
And here it is.

19
00:02:02,290 --> 00:02:07,510
The parser is vulnerable and is being tricked into processing an external entity's

20
00:02:07,930 --> 00:02:10,170
data: the content of a file.

21
00:02:11,740 --> 00:02:12,220
So.

22
00:02:14,170 --> 00:02:15,040
Let's see.

23
00:02:15,850 --> 00:02:16,960
Oh, now.

24
00:02:18,970 --> 00:02:22,390
OK, how to mitigate this problem.

25
00:02:22,420 --> 00:02:26,020
Let's go back to Visual Studio.

26
00:02:27,870 --> 00:02:28,590
And

27
00:02:32,380 --> 00:02:39,040
OK, let's go to the source page of the page that processes the XML file.

28
00:02:40,180 --> 00:02:47,530
Here, and let's comment out the line of code that sets the DtdProcessing property to Parse

29
00:02:50,870 --> 00:02:51,410
Yeah.

30
00:02:53,700 --> 00:03:01,200
And uncomment the line that sets the property to the Prohibit value.

31
00:03:06,560 --> 00:03:07,160
So.

32
00:03:08,440 --> 00:03:14,920
Thus blocking the possibility of passing an XML that defines a DTD.

33
00:03:18,620 --> 00:03:25,190
So you can see the mitigation is very simple, but the important thing is to make sure what the default

34
00:03:25,190 --> 00:03:27,740
value of this property is.

35
00:03:28,800 --> 00:03:29,250
Now

36
00:03:30,340 --> 00:03:31,750
let's go

37
00:03:32,770 --> 00:03:34,840
back to run the application

38
00:03:37,530 --> 00:03:45,300
after applying the mitigation, and let's see what happens

39
00:03:47,590 --> 00:03:53,560
if you try to inject the malicious pattern as before.

40
00:03:54,770 --> 00:03:55,250
So.

41
00:03:56,490 --> 00:04:03,630
Let's try as before to process the XML that defines a DTD.

42
00:04:05,530 --> 00:04:07,340
OK, but

43
00:04:09,810 --> 00:04:17,070
this time, as you can see, the possibility of parsing the XML file is blocked and a runtime

44
00:04:17,070 --> 00:04:22,650
exception is thrown, which I deliberately didn't handle

45
00:04:23,600 --> 00:04:26,960
to highlight the anomaly.

46
00:04:29,650 --> 00:04:30,070
So.

47
00:04:32,390 --> 00:04:35,980
Thank you for your kind attention.
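The following C# snippet is an added example, not the lesson's lab code, illustrating the mitigation the lecture applies: reading the CD-catalog XML with `XmlReaderSettings.DtdProcessing` set to `DtdProcessing.Prohibit` instead of `DtdProcessing.Parse`. The catalog XML and the DOCTYPE-bearing variant are constructed sample inputs; the class and method names are placeholders; and the `XmlResolver = null` line is an extra defensive setting not shown in the lesson, added so that no external resource is ever fetched even if DTD handling is later relaxed.

```csharp
// Added example (not the lesson's own code): hardened XML parsing for the CD catalog.
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

public static class XxeLabMitigation
{
    // Constructed sample: the benign catalog the processing page expects.
    const string SafeCatalog =
        "<?xml version=\"1.0\"?>" +
        "<CATALOG><CD><TITLE>Sample Title</TITLE><ARTIST>Sample Artist</ARTIST></CD></CATALOG>";

    // Constructed sample: the same catalog with a DOCTYPE that declares an entity.
    // Under Prohibit any DTD, internal or external, is rejected before expansion.
    const string CatalogWithDtd =
        "<?xml version=\"1.0\"?>" +
        "<!DOCTYPE CATALOG [ <!ENTITY t \"Sample Title\"> ]>" +
        "<CATALOG><CD><TITLE>&t;</TITLE></CD></CATALOG>";

    // Hardened reader settings: the line the lesson uncomments, plus no resolver.
    static XmlReaderSettings HardenedSettings() =>
        new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // replaces DtdProcessing.Parse
            XmlResolver = null                      // never fetch external resources (added setting)
        };

    // Returns the TITLE values found; throws XmlException when the document carries a DTD.
    public static string[] ReadTitles(string xml)
    {
        var titles = new List<string>();
        using (var reader = XmlReader.Create(new StringReader(xml), HardenedSettings()))
        {
            while (reader.Read())
            {
                if (reader.NodeType == XmlNodeType.Element && reader.Name == "TITLE")
                    titles.Add(reader.ReadElementContentAsString());
            }
        }
        return titles.ToArray();
    }

    public static void Main()
    {
        // The expected catalog parses normally.
        Console.WriteLine(string.Join(", ", ReadTitles(SafeCatalog)));

        // The DOCTYPE-bearing document is refused, which is the behaviour the lesson
        // demonstrates with its unhandled runtime exception; here it is caught and logged.
        try
        {
            ReadTitles(CatalogWithDtd);
        }
        catch (XmlException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```

The lecture's closing point, checking what the default of this property is, matters because the safe default depends on which reader type and framework version the page uses; setting `DtdProcessing.Prohibit` explicitly, as above, removes that dependency.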