ioc[.]one - OSINT Cyber Threat Intelligence Database

SAML XML Injection

Tags

attack-pattern:

Data Authentication Attempt - T1381 Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	a15b6eb7-a57e-46c8-bbe0-0b608c40b29d
Fingerprint	bcc91b93553d58a4
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 29, 2021, 2 p.m.
Added to db	Jan. 18, 2023, 10:17 p.m.
Last updated	Nov. 17, 2024, 6:49 p.m.
Headline	SAML XML Injection
Title	SAML XML Injection
Detected Hints/Tags/Attributes	44/1/32

Source URLs

	Redirection	Url
Details	Source	https://research.nccgroup.com/2021/03/29/saml-xml-injection/

URL Provider

Details	Provider	Source level domain
Details	nccgroup.com	research.nccgroup.com

Attributes

Details	Type	#Events	Value
Details	Domain	32	schemas.xmlsoap.org
Details	Domain	150	www.w3.org
Details	Domain	831	example.com
Details	Domain	39	example.org
Details	Email	17	user@example.com
Details	Email	1	user@example.org
Details	Email	1	admin@example.org
Details	File	6	module.php
Details	File	1	saml2-acs.php
Details	File	3	metadata.php
Details	File	31	schemas.xml
Details	IPv4	1441	127.0.0.1
Details	Url	1	http://127.0.0.1/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
Details	Url	1	http://adam.local:8080/ssoservice
Details	Url	1	http://127.0.0.1/simplesaml/module.php/saml/sp/metadata.php/default-sp
Details	Url	1	http://127.0.0.1/simplesaml/module.php/saml/sp/saml2-acs.php/generic-saml-localhost
Details	Url	1	http://127.0.0.1:8080/samlp
Details	Url	1	http://127.0.0.1/simplesaml/module.php/saml/sp/metadata.php/generic-saml-localhost
Details	Url	2	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Details	Url	22	http://www.w3.org/2001/xmlschema
Details	Url	50	http://www.w3.org/2001/xmlschema-instance
Details	Url	1	http://sp.adam.local/simplesaml/module.php/saml/sp/saml2-acs.php/saml1
Details	Url	1	http://idp.adam.local:8080
Details	Url	7	http://www.w3.org/2000/09/xmldsig#
Details	Url	6	http://www.w3.org/2001/10/xml-exc-c14n#
Details	Url	3	http://www.w3.org/2001/04/xmldsig-more#rsa
Details	Url	3	http://www.w3.org/2000/09/xmldsig#enveloped
Details	Url	2	http://www.w3.org/2001/04/xmlenc#sha256
Details	Url	1	http://sp.adam.local
Details	Url	1	http://www.w3.org/2001/xmlschema-instance"><saml:issuer>http://idp.adam.local:8080
Details	Url	1	http://idp.adam.local:8080/ssoservice
Details	Url	1	http://www.w3.org/2001/xmlschema-instance"><saml:issuer>http://idp.adam.local:8080