From the course: Penetration Testing Web Apps with Kali and Burp Suite
Injecting XML into a web page
- XML is another technology which is used in webpages. If we can inject XML, then we may be able to use it to gain access to data. Let's see how we might inject some code into a server via an XML input field. For this testing, we'll use Mutillidae. We'll select XML external entities and open the XML validator page. And let's enter the message "hello folks" and validate that. And this validates and we can see the message displayed. Let's exploit this webpage. We can input a slightly more complex XML construct to access the contents of a file. In this case, we'll check the contents of /etc/passwd and we'll do that with <!DOCTYPE. And we'll give it a name, and <!ENTITY, and we'll just call it f as a variable, and SYSTEM. And the system entity we want is the file file:///etc/passwd. And we'll put out the message with the contents of that, and validate that. And we can see the contents of…
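
A defensive counterpart to the injection described above, added here and not part of the course material: a validator built on Python's standard-library expat bindings that refuses any document carrying a DOCTYPE or entity declaration, so a SYSTEM entity such as file:///etc/passwd is never resolved. The `<message>` element, the function names and both sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Raised when a document uses a DTD feature the validator refuses."""


def validate_message(xml_text: str) -> str:
    """Return the document's text content; reject DOCTYPE and entity use."""
    parser = expat.ParserCreate()
    chunks = []

    # Fires as soon as "<!DOCTYPE name" is seen, before any entity is defined.
    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name}")

    # Second line of defence: any <!ENTITY ...> declaration, internal or SYSTEM.
    def forbid_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name}")

    # Third: a reference such as &f; that would require fetching a system id.
    def forbid_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference not allowed: {sysid}")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity_decl
    parser.ExternalEntityRefHandler = forbid_external_ref
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_text, True)  # malformed XML raises expat.ExpatError
    return "".join(chunks).strip()


def is_accepted(xml_text: str) -> bool:
    """True if the validator accepts the document, False if it is refused."""
    try:
        validate_message(xml_text)
        return True
    except (ForbiddenXML, expat.ExpatError):
        return False


# Constructed sample inputs: the plain message and the entity-based document.
BENIGN = "<message>hello folks</message>"
WITH_ENTITY = ('<!DOCTYPE name [<!ENTITY f SYSTEM "file:///etc/passwd">]>'
               "<message>&f;</message>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("with entity", WITH_ENTITY)):
        print(label, "->", "accepted" if is_accepted(doc) else "rejected")
```

Rejecting the DOCTYPE outright is the simplest policy for an input field that only needs element content; parsers that must accept DTDs need external entity resolution disabled instead.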