On Tue, Feb 1, 2011 at 5:55 PM, HI-TECH . < isowarez.isowarez.isowa...@googlemail.com> wrote:
> Hello lists, > > the paper included in this email discusses as the subject describes the > issues of XML Parsers and how they can be exploited in a web > application environment. > >From the Preface: > > During the audit of web applications one might come across an > application which handles XML files. > Specifically there can be an application which allows uploading XML > files which are thereafter inserted > into a database and used for later displaying on the front end of the > application viewable by the user. > I came across a significant “vulnerability class” which allows an > attacker (or penetration tester) to > evoke a scenario which will give access to all files on the underlying > file system which the application > server runs as. This includes (in the case the application is > programmed in the Java language) access > to directory listings as well. > > Any pointers if this was helpful to you are appriciated. > This attack is called XXE (Xml eXternal Entity). It's depressing because it's been known about since at least 2002 ( http://archive.cert.uni-stuttgart.de/bugtraq/2002/10/msg00421.html), yet it still keeps rearing its head. There's also the "billion laughs" attack which is a variant that consumes excessive server-side resource. There have also been client-side examples of this attack, including in Safari and (IIRC) Adobe Reader. Cheers Chris > > > Best Regards, > > Kingcope > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/