Page 11 - Hands-On Bug Hunting for Penetration Testers
Table of Contents
A simple XXE example 116
XML injection vectors 118
XML injection and XXE – stronger together 119
Testing for XXE – where to find it, and how to verify it 120
XXE – an end-to-end example 120
Gathering report information 125
Category 125
Timestamps 125
URL 125
Payload 125
Methodology 125
Instructions to reproduce 126
Attack scenario 126
Final report 126
Summary 127
Questions 127
Further reading 128
Chapter 8: Access Control and Security Through Obscurity 129
Technical Requirements 129
Security by Obscurity – The Siren Song 130
Data Leaks – What Information Matters? 131
API Keys 131
Access Tokens 131
Passwords 132
Hostnames 132
Machine RSA/Encryption Keys 132
Account and Application Data 132
Low Value Data – What Doesn’t Matter 132
Generally Descriptive Error Messages 133
404 and Other Non-200 Error Codes 133
Username Enumeration 133
Browser Autocomplete or Save Password Functionality 133
Data Leak Vectors 134
Config Files 134
Public Code Repos 134
Client Source Code 135
Hidden Fields 135
Error Messages 136
Unmasking Hidden Content – How to Pull the Curtains Back 136
Preliminary Code Analysis 136
Using Burp to Uncover Hidden Fields 136
Data Leakage – An End-to-End Example 138
Gathering Report Information 141
Final Report 142
[ iv ]