XXE via SAML

This was on a private bounty program. I have redacted all the info related to the program. Enjoy!

Out of Band XML External Entity Injection via SAML – redacted


Cisco Edge 340 Series v1.1 LFI as root

Originally I just had default administrator credentials, then I poked around for less than 10 minutes and found a configuration export which allowed me to export files with root privileges.

Attached PDF for the LFI

Default credentials: admin:aDMIN123#

Cisco Edge 430 LFI

shadow
