
XML Attacks: Denial of Service SOAP Attacks

The document is a mind map showing various web service attacks. It outlines attacks like SOAP action spoofing, replay attacks, WSDL enumeration, SOAP parameter denial of service, XML signature attacks, XML injection attacks, denial of service attacks targeting XML canonicalization, XSLT transformations and XPath queries, as well as attack obfuscation techniques and metadata spoofing. It also lists some common tools used to carry out XML external entity and XXE attacks.


MindMap by: Harsh Bothra
Twitter: @harshbothra_
https://harshbothra.tech

XML Attacks

SOAP Attacks
- SOAP Action Spoofing (https://www.ws-attacks.org/SOAPAction_Spoofing)
- Replay Attacks (https://www.ws-attacks.org/Replay_Attack)
- WSDL Enumeration (https://www.ws-attacks.org/WSDL_Disclosure)
- SOAP Parameter DOS
- SOAP Array Attack

Denial of Service
- XML Entity Expansion
  - Billion Laugh Attack
  - Quadratic Blowup Attack
- Recursive Entity Reference
- XML Flooding

Reference Redirect Attack
- Signature Redirect
- Encryption Redirect

XML Signature Attacks
- XSLT Code Execution (https://www.ws-attacks.org/XML_Signature_%E2%80%93_XSLT_Code_Execution)
- XML Signature - Key Retrieval XSA (Cross Site Attack) (https://www.ws-attacks.org/XML_Signature_-_Key_Retrieval_XSA_(Cross_Site_Attack))
- XML Signature Exclusion
- XML Signature Wrapping
- Denial of Service
  - Key Retrieval DOS
  - C14N DOS
  - Transformation DOS (https://www.ws-attacks.org/XML_Signature_%E2%80%93_Transformation_DOS)
    - XSLT DOS
    - XPATH DOS

XPATH Injection
- http://projects.webappsec.org/w/page/13247005/XPath%20Injection#:~:text=XPath%20Injection%20is%20an%20attack,query%20or%20navigate%20XML%20documents.
- https://www.soapui.org/docs/security-testing/security-scans/xpath-injection/
- https://rhinosecuritylabs.com/penetration-testing/xpath-injection-attack-defense-techniques/

XML Injection
- http://projects.webappsec.org/w/page/13247004/XML%20Injection
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection
- https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Chapters/3_8_4-XML-Injections.pdf

Misc.
- Attack Obfuscation (https://www.ws-attacks.org/Attack_Obfuscation)
- Metadata Spoofing (https://www.ws-attacks.org/Metadata_Spoofing)
  - WSDL Spoofing
  - WS Security Policy Spoofing
- Active WS-MITM
  - Malicious Morphing
  - Routing Detour
- Passive WS-MITM
- Coercive Parsing

Tools
- XXEServe (https://github.com/joernchen/xxeserve)
- XXExploiter (https://github.com/luisfontes19/xxexploiter)
- XXEinjector (https://github.com/enjoiz/XXEinjector)
- 230-OOB (https://github.com/lc/230-OOB)
- OXML_XXE (https://github.com/BuffaloWill/oxml_xxe)
- DOCEM (https://github.com/whitel1st/docem)

XML External Entities
- General/Classical XXE
  - Simple Payload Processing
  - Base64 Payload Processing
- XXE with Wrappers
  - data://
  - phar://
  - rar://
  - php://
  - expect:// (can result in RCE)
- Xincludes based XXE
- Blind XXE
- XXE with Local DTD
- Error Based XXE
- Attack Chaining
  - SSRF
  - Local File Read
  - Denial of Service
    - Large File Retrieval
    - Entity Reference Attack
  - Windows Share Stealing
  - Remote Code Execution
  - Port Scanning
  - Pass The Hash
- XXE via various Files
  - XXE via SVG
    - General Payload Processing
    - OOB via SVG rasterization
  - OOXML (DOCX, XLSX, PPTX), ODF, PDF, RSS
  - XXE inside DTD file
  - XXE via SOAP
  - XXE via XMP
  - Other XML Processing: XMLRPC, WebDAV, SOAP, XMPP, SAML

References
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_Security_Cheat_Sheet.md
- https://www.ws-attacks.org/
- https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20Injection
- https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
- https://github.com/omurugur/XXE_Payload_List
- https://github.com/HLOverflow/XXE-study
- https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPXXE.md
- https://gosecure.github.io/xxe-workshop/#0

XSLT Attack
- Cross-Site Scripting
- Arbitrary File Read
- Code Execution
- SSRF
- Data Exfiltration & XXE
- References
  - https://www.blackhat.com/docs/us-15/materials/us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks-wp.pdf
  - https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection
  - https://book.hacktricks.xyz/pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations
  - https://www.contextis.com/en/blog/xslt-server-side-injection-attacks

Oversized XML Attack
- Oversized SOAP Header
- Oversized SOAP Body
- Oversized SOAP Envelope
- XML Extra Long Names
- XML Namespace Prefix Attack
- XML Oversized Attribute Content
- XML Oversized Attribute Count

SAML XML Injection
- https://research.nccgroup.com/2021/03/29/saml-xml-injection/

Note: Some of these techniques may not be actively exploitable. However, it is always good to look for the possibilities.

Review Credits & Thanks:

Avinash K. Thapa - @iw00tr00t


Yatin Sirpaul - @ysirpaul
Aditya Dixit - @zombie007o
Mukesh Kumar - @hack_logic
Jesus A. Espinoza - @ArthusuxD