SEC504: Hacker Tools, Techniques, and Incident Handling

Many web applications that accept and respond to XML requests are vulnerable to XML External Entity (XXE) attacks because of default XML parser settings. This vulnerability can be exploited to read arbitrary files from the server, including sensitive files such as the application's configuration files. This paper provides detailed instructions for building a vulnerable web application using the standard XML parser that ships with the Java Development Kit. A virtual machine image of the complete system is also provided, allowing experimentation with and visualization of the vulnerability. The virtual machine image can be used to provide engaging, hands-on XXE training for developers and intrusion analysts. Exploitation tools and techniques for reading the application's sensitive configuration file are demonstrated. A simple method for removing the vulnerability is reviewed. Finally, network intrusion analysis is performed to discover how the vulnerability was exploited and what sensitive information was exposed.
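The abstract attributes the vulnerability to default parser settings and mentions a simple fix. The following Java program, added here as an illustration and not taken from the paper or its virtual machine, shows the two parser configurations side by side: the JDK's default `DocumentBuilderFactory`, which resolves a `SYSTEM` entity in a `DOCTYPE`, and a hardened factory that refuses any `DOCTYPE` declaration. The class name `XxeDemo`, the helper names, and the temporary "config" file it writes for itself are all constructed for this example.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;

public class XxeDemo {

    // JDK default: DOCTYPE declarations are accepted and external entities are resolved.
    static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration: rejecting DOCTYPE removes XXE and entity-expansion DoS outright.
    // The additional features are defence in depth for parsers that still see a DOCTYPE.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    // Parse the document and return the text of its root element,
    // or null when the parser rejects the input (the hardened case).
    static String parseData(DocumentBuilder builder, String xml) {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement().getTextContent();
        } catch (Exception e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for an application configuration file, created by the demo itself.
        Path secret = Files.createTempFile("app-config", ".properties");
        Files.writeString(secret, "db.password=constructed-example-value");

        // Constructed request body: a DOCTYPE whose SYSTEM entity points at the file above.
        String xml = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE data [<!ENTITY cfg SYSTEM \"" + secret.toUri() + "\">]>\n"
            + "<data>&cfg;</data>";

        System.out.println("default  : " + parseData(defaultBuilder(), xml));
        System.out.println("hardened : " + parseData(hardenedBuilder(), xml));

        Files.delete(secret);
    }
}
```

Run with `javac XxeDemo.java && java XxeDemo`. The default builder returns the contents of the temporary file as the element's text, which is exactly the disclosure the abstract describes; the hardened builder throws a `SAXParseException` on the `DOCTYPE` and `parseData` returns null. The single `disallow-doctype-decl` feature is the "simple method" that closes the hole; the remaining features matter only if an application must accept a DTD for some other reason.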