fix: "Mitigated XXE vulnerability in contact.php"
Here is an adjusted template for creating a Pull Request, focused on explaining clearly the solution used to mitigate the vulnerability:
This solution refers to which of the apps?
A5 - ViniJR Blog (Security Misconfiguration - XXE)
What did you do to mitigate the vulnerability?
To mitigate the XXE vulnerability, I disabled the loading of external entities in the XML parser by using the following flags:
- The LIBXML_NOENT flag was removed.
- LIBXML_DTDLOAD was replaced with LIBXML_NONET to prevent any external entities from being loaded.
These changes ensure that no external entities or files can be accessed through XML input, mitigating the risk of sensitive information disclosure or denial of service attacks.
Did you test your changes? What commands did you run?
Yes, I tested the changes by reproducing the original attack narrative using the malicious evilxml.xml payload. After the mitigation, the application no longer responds with the contents of sensitive files such as /etc/passwd. The command used for testing was:
curl -d @evilxml.xml http://localhost:10004/contact.php ; echo
The output no longer shows sensitive information, confirming that the vulnerability has been successfully mitigated.
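The flag change described above and the check that it holds, written out as an added PHP example (not the project's contact.php); the function name parseContactXml and the two sample documents are constructed, and the DOCTYPE rejection goes one step beyond the flag change as defence in depth:

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. parseContactXml and the sample
// documents are constructed for illustration.

/** Parse untrusted contact-form XML without resolving external entities; null if rejected. */
function parseContactXml(string $xml): ?DOMDocument
{
    if (trim($xml) === '') {
        return null; // fail early instead of letting loadXML() complain
    }
    // Defence in depth beyond the flag change: a contact message never
    // needs a DTD, so any document that declares one is refused outright.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        return null;
    }
    // PHP < 8.0 resolves external entities unless this switch is off;
    // PHP >= 8.0 only does so when LIBXML_NOENT is passed.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // Before the fix the call used LIBXML_NOENT | LIBXML_DTDLOAD, which
    // substitutes entities and fetches external DTDs. Now only LIBXML_NONET
    // is set, which also forbids network access while parsing.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    return $ok ? $doc : null;
}

// Constructed self-check: a plain message parses, a document that declares
// an external entity (placeholder path, no real target) is rejected.
$benign = '<?xml version="1.0"?><contact><name>Ana</name><message>hi</message></contact>';
$hostile = '<?xml version="1.0"?><!DOCTYPE c [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
    . '<contact><name>&ext;</name></contact>';
$good = parseContactXml($benign);
if ($good === null || $good->getElementsByTagName('name')->item(0)->textContent !== 'Ana') {
    fwrite(STDERR, "benign document was rejected\n");
    exit(1);
}
if (parseContactXml($hostile) !== null) {
    fwrite(STDERR, "document with entity declaration was accepted\n");
    exit(1);
}
echo "hardened parser OK\n";
```

Run it with `php` on the command line; a non-zero exit means the parser still accepts a document that declares entities, which is the same condition the curl test above checks from the outside.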