Nearly generic fuzzing of XML-based formats
Nicolas Grégoire, Nullcon 2017
nicolas.gregoire@agarri.fr
@agarri_fr
Me?
Nicolas Grégoire
Working in InfoSec for the last 15 years
Owner and Pwner at AGARRI
- Web hacking
  Published about XXE and SSRF in bug bounties
- Teaching
  Trainings (Burp Suite Pro) and talks
- Fuzzing
  Mostly client-side nowadays
- Me vs XSLT
- Inspirational work
- Project goals
- Design
- Implementation
- Findings
- Future work
Abuse of features
Talk "Offensive XSLT" (2011)
- No memory corruption, simply abuse the features
- Read and create files, execute arbitrary code
- Highly reliable exploits
Positive side effect
- Produced a large corpus covering most features
- Combine nodes, attributes and namespaces
31337