GITBOOK-3782: No subject

CPol 2023-02-16 12:43:10 +00:00 committed by gitbook-bot
parent d97b2eac72
commit 314bdaef36
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -169,6 +169,8 @@ Due to the fact that SAML Responses are deflated and base64d **XML documents*
You can also use the Burp extension [**SAML Raider**](https://portswigger.net/bappstore/c61cfa893bb14db4b01775554f7b802e) to generate the POC from a SAML request to test for possible XXE vulnerabilities.
Check also this talk: [https://www.youtube.com/watch?v=WHn-6xHL7mI](https://www.youtube.com/watch?v=WHn-6xHL7mI)
## XSLT via SAML
For more information about XSLT go to:
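Review bot: the added "Check also this talk" line uses the bare YouTube URL as its link text and says nothing about what the talk covers or who presented it, so a reader scanning the XXE section cannot tell whether it is worth opening; give the link a descriptive title and a one-clause summary tied to the section, for example `Check also this talk on SAML XXE attacks: [<talk title, speaker>](https://www.youtube.com/watch?v=WHn-6xHL7mI)` (title and speaker to be filled in from the video, not invented here).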
@ -207,6 +209,8 @@ Here you can find a **POC** to check for this kind of vulnerabilities, in the ha
You can also use the Burp extension [**SAML Raider**](https://portswigger.net/bappstore/c61cfa893bb14db4b01775554f7b802e) to generate the POC from a SAML request to test for possible XSLT vulnerabilities.
Check also this talk: [https://www.youtube.com/watch?v=WHn-6xHL7mI](https://www.youtube.com/watch?v=WHn-6xHL7mI)
## XML Signature Exclusion <a href="#xml-signature-exclusion" id="xml-signature-exclusion"></a>
Signature Exclusion is used to test how the SAML implementation behaves when there is **no Signature elemen**t. When a Signature element is **absent** the **signature validation step may get skipped entirely**. If the Signature isnt validated, then any of the contents that would typically be signed may be tampered with by an attacker.
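Review bot: this hunk adds the exact same "Check also this talk" line and URL that the previous hunk added under the XXE section, forty lines earlier; if the talk covers both XXE and XSLT via SAML, either state that in this second reference ("the same talk linked above also covers XSLT") or move it once into a shared further-reading note, so there is one place to update if the link changes. While in this region, the unchanged context line below has a misplaced bold marker in "**no Signature elemen**t" (should close after "element") and "isnt" should read "isn't".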