https://soffensive.github.io/tags/dtd/Recent content in DTD on soffensive blogHugoenSat, 18 May 2019 05:35:00 -0700https://soffensive.github.io/posts/web-app-sec/2019-05-18-xxe-with-net-in-2019/Sat, 18 May 2019 05:35:00 -0700https://soffensive.github.io/posts/web-app-sec/2019-05-18-xxe-with-net-in-2019/<p>After the seminal blog post by <a href="https://www.jardinesoftware.net/2016/05/26/xxe-and-net/" target="_blank" rel="noopener noreffer ">James Jardine</a> in 2016 on XXE exploitation in .NET applications back in 2016, Microsoft seems to have implemented some additional changes regarding the default behavior of XML parsers.</p> <p>We work through the different XML methods provided and their corresponding vulnerable configurations. For all experiments, .NET framework 4.6 was chosen.</p> <div class="details admonition tip open"> <div class="details-summary admonition-title"> <i class="icon fas fa-lightbulb fa-fw" aria-hidden="true"></i>TL;DR<i class="details-icon fas fa-angle-right fa-fw" aria-hidden="true"></i> </div> <div class="details-content"> <div class="admonition-content"><p>In order to create an XXE vulnerability for applications using .NET framework 4.6+, you have to instantiate a vulnerable <code>XmlResolver</code> beforehand.</p>