To do this, it will first perform a DNS lookup on the random subdomain, and then perform an HTTP request. The DNS lookup and the HTTP request are received by the Collaborator server. Both interactions contain the random data that Burp placed into the Collaborator subdomain.

Burp polls the Collaborator server and asks: "Did you receive any interactions for my payload?", and the Collaborator returns the interaction details.

Burp reports the external service interaction to the Burp user, including the full interaction messages that were captured by the Collaborator server.

Out-of-band resource load happens when an application can be induced to load content from an arbitrary external source, and include it in its own response. Burp Suite can detect this issue by inducing the Collaborator server to return specific data in its responses to the external interactions, and analyzing the application's in-band response for that same data:

Burp can submit injection-based payloads designed to trigger an external interaction when the injection is successful, enabling the detection of completely blind injection vulnerabilities. The following example uses an Oracle-specific API to trigger an interaction when we successfully inject into a SQL statement:

The Collaborator server can notify Burp of deferred interactions that occur asynchronously following submission of the relevant in-band payload to the target. This enables the detection of various stored vulnerabilities, such as second-order SQL injection and blind XSS. In the example below, Burp Suite submits a stored XSS payload designed to trigger a Collaborator interaction if it is ever rendered to a user. Later, an admin user views the payload, and their browser performs the interaction.
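
The polling and correlation steps described above, including a deferred interaction, as an added offline model (example code, not Burp Suite's or the Collaborator server's implementation). The `collab.example` domain, the class and method names, and the 60-second "deferred" threshold are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

COLLAB_DOMAIN = "collab.example"  # assumed placeholder, not a real Collaborator host

@dataclass
class CollaboratorModel:
    """Offline model of the correlation logic: nothing here touches the network."""
    issued: dict = field(default_factory=dict)   # random id -> (description, submit time)
    pending: list = field(default_factory=list)  # interactions not yet polled

    def new_payload(self, description, now):
        """Scanner side: mint a random subdomain and remember where it was sent."""
        ident = secrets.token_hex(8)
        self.issued[ident] = (description, now)
        return f"{ident}.{COLLAB_DOMAIN}"

    def record(self, protocol, hostname, now):
        """Server side: log any DNS/HTTP interaction that names our domain."""
        host = hostname.lower().rstrip(".")  # DNS names are case-insensitive
        if host.endswith("." + COLLAB_DOMAIN):
            self.pending.append((protocol, host, now))

    def poll(self, deferred_after=60):
        """Scanner side: ask which recorded interactions belong to issued payloads."""
        findings = []
        for protocol, host, seen in self.pending:
            # The label directly left of the domain carries the random data.
            ident = host[: -len(COLLAB_DOMAIN) - 1].split(".")[-1]
            if ident not in self.issued:
                continue  # unrelated noise: no payload carries this id
            description, sent = self.issued[ident]
            findings.append({"payload": description, "protocol": protocol,
                             "deferred": seen - sent > deferred_after})
        self.pending.clear()
        return findings

def demo():
    """Constructed timeline: one immediate DNS+HTTP pair, one deferred hit."""
    c = CollaboratorModel()
    fetch = c.new_payload("url parameter", now=0)
    stored = c.new_payload("stored comment field", now=5)
    c.record("DNS", fetch + ".", now=1)    # target resolves the name...
    c.record("HTTP", fetch, now=2)         # ...then requests it
    c.record("DNS", "deadbeef." + COLLAB_DOMAIN, now=3)  # id never issued
    first = c.poll()
    c.record("HTTP", stored.upper(), now=7200)  # admin's browser, hours later
    return first, c.poll()
```

Because each finding is keyed on the random identifier rather than on timing, the late interaction is still attributed to the stored payload that caused it.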