![DEF CON 23 [Audio] Speeches from the Hacker Convention artwork](https://is5-ssl.mzstatic.com/image/thumb/Podcasts123/v4/c3/f8/7e/c3f87e44-fc95-645c-620b-3c8e5117429e/mza_5097239825481086059.jpg/100x100bb.jpg)
Fernando Arnaboldi - Abusing XSLT for Practical Attacks - 101 Track
DEF CON 23 [Audio] Speeches from the Hacker Convention
English - September 22, 2015 05:28 - 32.1 MB - ★★★ - 4 ratingsTechnology Education How To def con defcon hacking hacker conference computer security security research defcon 23 def con 23 dc-23 dc23 Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Attacks-UPDATED.pdf
Whitepaper Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Attacks-WP-UPDATED.pdf
Abusing XSLT for Practical Attacks
Fernando Arnaboldi Senior Security Consultant at IOActive
White paper available here:
https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Fernando Arnaboldi - UPDATED/DEFCON-23-Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Attacks-WP-UPDATED.pdf
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits.
XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same initialization vector. Error disclosure has always provided valuable information, but thanks to XSLT, it is possible to partially read system files that could disclose service or system's passwords. Finally, XSLT can be used to compromise end-user confidentiality by abusing the same-origin policy concept present in web browsers.
This presentation includes proof-of-concept attacks demonstrating XSLT’s potential to affect production systems, along with recommendations for safe development.
Fernando Arnaboldi is a senior security researcher and consultant at IOActive, Inc. He has over 10 years of experience in the security research space (Deloitte, Core Security Technologies and IOActive) and holds a Bachelor's degree in Computer Science.