Neurohazard
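Evening clouds and misty moon, poring over the classics until white-haired; all things in the universe, thus have I heard.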

【Note】Derbycon 2018: Extending Burp to Find Struts and XXE Vulnerabilities

wpadmin~October 23, 2018 /InfoSec


Basic information

Stable 21 Extending Burp to Find Struts and XXE Vulnerabilities Chris Elgee

Burp Better
Extending Burp to Find Struts and XXE Vulnerabilities
Build Cool Things and GIVE THEM AWAY.

Speaker: https://twitter.com/chriselgee

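Summary

The core idea is to follow the example of ActiveScan++ and add some new scan checks.

Starting at 13:46, the talk presents an XXE zero day in Jamf Pro
(found with the author's modified version of ActiveScan++),
which can be used to probe which ports are open on an internal network.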

ActiveScan++

By albinowax (James Kettle), PortSwigger, written in Python

Checks for:

Potential host header attacks
Edge Side Includes
XML input handling
Suspicious input transformation (eg 7*7 => ’49’, \\ => \)
Blind code injection via expression language, Ruby’s open() and Perl’s open()
CVE-2014-6271/6278 ‘shellshock’, CVE-2015-2080, CVE-2017-5638, CVE-2017-12629

Requires Burp Suite Pro, Jython, and Collaborator
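
To make the "suspicious input transformation" check in the list above concrete, here is a simplified offline sketch added to this note; it is not code from the talk or from ActiveScan++. The function names and the three sample handlers are constructed for illustration, and `send` stands in for whatever issues the request in a real test harness for your own application.

```python
import random
import re
import string


def _anchor(n=6):
    # Random lowercase marker so a match cannot come from unrelated page content.
    return "".join(random.choice(string.ascii_lowercase) for _ in range(n))


def build_probes():
    """Return (name, payload, expected) triples with fresh random anchors."""
    a, b = random.randint(11, 99), random.randint(11, 99)
    left, right = _anchor(), _anchor()
    return [
        # 7*7 => 49 style probe, with random operands to avoid chance matches.
        ("arithmetic", f"{left}{a}*{b}{right}", f"{left}{a * b}{right}"),
        # \\ => \ style probe: two backslashes sent, one expected back.
        ("backslash", f"{left}\\\\{right}", f"{left}\\{right}"),
    ]


def check_transformations(send):
    """send(payload) -> response body. Returns the names of transformed probes."""
    findings = []
    for name, payload, expected in build_probes():
        # The expected string is never a substring of the payload itself,
        # so a plain verbatim reflection does not count as a finding.
        if expected in send(payload):
            findings.append(name)
    return findings


# Constructed sample handlers standing in for an application under test.
def echo_app(value):
    return f"<p>You searched for {value}</p>"


def template_app(value):
    # Simulates server-side evaluation of integer products in user input.
    done = re.sub(r"(\d+)\*(\d+)", lambda m: str(int(m[1]) * int(m[2])), value)
    return f"<p>You searched for {done}</p>"


def unescape_app(value):
    # Simulates a layer that collapses escaped backslashes.
    return "<p>" + value.replace("\\\\", "\\") + "</p>"


if __name__ == "__main__":
    for app in (echo_app, template_app, unescape_app):
        print(app.__name__, check_transformations(app))
```

A finding here only says the input was interpreted somewhere between request and response; which component did it, and whether it is exploitable, still has to be confirmed by hand.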
