XSW 4 Fix #205

2024-12-18 10:26:09 +00:00 · 2020-05-12 14:27:25 +02:00 · 2020-05-12 14:27:25 +02:00 · a65fdbb568
commit a65fdbb568
parent e95a4aeac0
2 changed files with 3 additions and 2 deletions
--- a/Resources/Cloud
+++ b/Resources/Cloud
@ -30,8 +30,9 @@
    $ git clone https://github.com/hausec/PowerZure
    $ ipmo .\PowerZure
    $ Set-Subscription -Id [idgoeshere]
+
    # Reader
-    $ Get-Runbook
+    $ Get-Runbook, Get-AllUsers, Get-Apps, Get-Resources, Get-WebApps, Get-WebAppDetails

    # Contributor
    $ Execute-Command -OS Windows -VM Win10Test -ResourceGroup Test-RG -Command "whoami"
--- a/Injection/README.md
+++ b/Injection/README.md
@ -70,7 +70,7 @@ XML Signature Wrapping (XSW) attack, some implementations check for a valid sign
 - XSW1 – Applies to SAML Response messages. Add a cloned unsigned copy of the Response after the existing signature.
 - XSW2 – Applies to SAML Response messages. Add a cloned unsigned copy of the Response before the existing signature.
 - XSW3 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion before the existing Assertion.
- XSW4 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion after the existing Assertion.
+- XSW4 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion within the existing Assertion.
 - XSW5 – Applies to SAML Assertion messages. Change a value in the signed copy of the Assertion and adds a copy of the original Assertion with the signature removed at the end of the SAML message.
 - XSW6 – Applies to SAML Assertion messages. Change a value in the signed copy of the Assertion and adds a copy of the original Assertion with the signature removed after the original signature.
 - XSW7 – Applies to SAML Assertion messages. Add an “Extensions” block with a cloned unsigned assertion.