FileCry - The New Age Of XXE

by Xiaoran Wang & Sergey Gorbaty

Xml eXternal Entities (XXE) is one of the most deadly vulnerabilities on the Internet, and we will demonstrate how critical enterprise software packages are still vulnerable to these attacks today. In this action-packed presentation, we will demonstrate two 0-day vulnerabilities we identified in both popular server (Java) and client-side (Internet Explorer) technologies. The first vulnerability can be exploited with an attacker-controlled XML leading to arbitrary file ex-filtration on a target server even with all the Java protections enabled. The second vulnerability, allows an attacker to steal both arbitrary files on the local hard drive and secret information across origins with a malicious webpage. Therefore, effectively bypassing the Same Origin Policy and breaching the web-local separation. Both exploits are reliable and do not depend on memory corruptions.

Join us as we take you through an exciting journey of finding, exploiting these vulnerabilities, and preventing this class of attacks in the future.

FileCry - The New Age Of XXE blackhat 2015
14 Likes	14 Dislikes
4,320 views views	117K followers
People & Blogs	Upload TimePublished on 29 Dec 2015

Related keywords

1. infosec news
2. information security manager
3. blackhat asia 2019
4. blackhat 2019
5. infosec twitter
6. blackhat 2018
7. black hat seo technique
8. blackhat europe
9. blackhat badger sekiro
10. black hat x reader
11. black hat cartoon
12. black hat x dr flug
13. cyber securityとは
14. blackhat conference 2019
15. cyber security cloud
16. black hat full movie
17. blackhat badger
18. blackhat forum
19. information security foundation 勉強
20. infosec rotkreuz
21. cyber security framework
22. information security policy template
23. infosecurity utrecht
24. infosec ups system
25. cyber security news
26. cyber security act
27. infosecurity
28. blackhat full movie
29. infosec blog
30. black hat badger
31. information security foundation 参考書
32. information security management system
33. cyber security conference
34. black hat seo
35. cyber security pro
36. black hat movie
37. blackhat imdb
38. infosec podcast
39. black hat cast
40. cyber security pro 新しいネットワークが検出されました
41. cyber security cloud managed rules
42. cyber security measures
43. information security governance
44. infosec global
45. infosecurity europe 2020
46. infosec health
47. infosec magazine
48. information security 日本語
49. infosec 19
50. black hat anime
51. information security foundation
52. infosecurity magazine
53. cyber security tokyo
54. black hat meaning
55. black hatch
56. information security definition
57. information security pdf
58. infosec europe 2019
59. cyber security market
60. infosec institute
61. infosec 2019 london
62. information security foundation 難易度
63. black hatch gamefowl
64. cyber security management system
65. information security certifications
66. blackhat film
67. cyber security pro アンインストール
68. information security specialist
69. cyber security 意味
70. cyber security analyst
71. information security policy
72. black hat usa 2019
73. information security forum
74. information security news
75. infosec conferences
76. information security officer
77. infosekta
78. cyber security japan
79. blackhat trailer
80. information security analyst
81. cyber security university
82. black hat hacker
83. black hat forum
84. cyber security company
85. black hat hacking
86. black hat villainous
87. blackhat conference
88. information security foundation based on iso/iec 27001
89. blackhat usa
90. cyber security report
91. blackhatworld
92. black hat x demencia
93. information security management
94. blackhat cast
95. black hat 2019
96. infosec reactions