XML External Entity attack
解析外部xml给本地带来的安全隐患。
https://en.wikipedia.org/wiki/XML_external_entity_attack
An XML External Entity (XXE) attack[1][2] is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network.
The XML standard includes the idea of an external general parsed entity (an external entity). During parsing of the XML document, the parser will expand these links and include the content of the URI in the returned XML document.
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
The XML 1.0 standard defines the structure of an XML document. The standard defines a concept called an entity, which is a storage unit of some type. There are a few different types of entities, external general/parameter parsed entity often shortened to external entity, that can access local or remote content via a declared system identifier. The system identifier is assumed to be a URI that can be dereferenced (accessed) by the XML processor when processing the entity. The XML processor then replaces occurrences of the named external entity with the contents dereferenced by the system identifier. If the system identifier contains tainted data and the XML processor dereferences this tainted data, the XML processor may disclose confidential information normally not accessible by the application. Similar attack vectors apply the usage of external DTDs, external stylesheets, external schemas, etc. which, when included, allow similar external resource inclusion style attacks.
Attacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier. Since the attack occurs relative to the application processing the XML document, an attacker may use this trusted application to pivot to other internal systems, possibly disclosing other internal content via http(s) requests or launching a CSRF attack to any unprotected internal services. In some situations, an XML processor library that is vulnerable to client-side memory corruption issues may be exploited by dereferencing a malicious URI, possibly allowing arbitrary code execution under the application account. Other attacks can access local resources that may not stop returning data, possibly impacting application availability if too many threads or processes are not released.
Note that the application does not need to explicitly return the response to the attacker for it to be vulnerable to information disclosures. An attacker can leverage DNS information to exfiltrate data through subdomain names to a DNS server that he/she controls.
XML External Entity attack的更多相关文章
- XXE(XML External Entity attack)XML外部实体注入攻击
导语 XXE:XML External Entity 即外部实体,从安全角度理解成XML External Entity attack 外部实体注入攻击.由于程序在解析输入的XML数据时,解析了攻击者 ...
- XML External Entity attack/XXE攻击
XML External Entity attack/XXE攻击 1.相关背景介绍 可扩展标记语言(eXtensible Markup Language,XML)是一种标记语言,被设计用来传输和存 ...
- Microsoft Internet Explorer v11 XML External Entity Injection 0day
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org[+] Source: http://hyp3 ...
- 【译】Attacking XML with XML External Entity Injection (XXE)
原文链接:Attacking XML with XML External Entity Injection (XXE) XXE:使用XML外部实体注入攻击XML 在XML中,有一种注入外部文件的方式. ...
- 4.XXE (XML External Entity Injection)
XXE (XML External Entity Injection) 0x01 什么是XXE XML外部实体注入 若是PHP,libxml_disable_entity_loader设置为TRUE可 ...
- XML External Entity Injection(XXE)
写在前面 安全测试fortify扫描接口项目代码,暴露出标题XXE的问题, 记录一下.官网链接: https://www.owasp.org/index.php/XML_External_Entity ...
- Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org[+] Source: http://hyp3 ...
- Fortify漏洞之XML External Entity Injection(XML实体注入)
继续对Fortify的漏洞进行总结,本篇主要针对 XML External Entity Injection(XML实体注入) 的漏洞进行总结,如下: 1.1.产生原因: XML External ...
- Portswigger web security academy:XML external entity (XXE) injection
Portswigger web security academy:XML external entity (XXE) injection 目录 Portswigger web security aca ...
随机推荐
- yii2 ContentDecorator 和 block 挂件
在做网站的过程中,大部分的页面结构都是相似的.如都有相同的头部和底部.各个页面这样仅仅是中间的部分不同. Yii中的布局文件就是用来实现这样的功能.如: 布局文件:@app/views/layouts ...
- jQuery select添加图标
//下拉菜单样式 /*查找全部select的下拉菜单*/ function getElemsById(cot_val){ return document.getElementById(cot_val) ...
- python把中文文档变为拼音
缘由 新看到的一篇文章,被吓尿.Text Understanding from Scratch,认为word的cnn抽象能力还不够好,使用character来做cnn效果更佳.结果是,由于论文的使用的 ...
- xslt 映射 xml
1.xslt文件映射xml文件中的A节点的时候,如果A节点有属性的话,先把属性值映射出来,然后再映射节点的值,如下: xml文件: <A age="11" sex=" ...
- love2d 0.9发布
2013年12月13(有点遗憾,一个星期后才知道),love2d终于发布新版本了, 可以直接从我的百度网盘下载. 主要的更新有:(简单翻译自官方论坛说明) LuaJIT: 默认使用LuaJIT,性能大 ...
- C#中利用JQuery实现视频网站的缩略图采集
最近有朋友想要采集优酷的视频标题和缩略图 (哈哈, 并非商业目的). 找到我帮忙, 考虑到有我刚刚发布的SpiderStudio, 我毫不犹豫的答应了. 首先在网页上视频的基本结构为: div.v - ...
- Docker Swarm学习教程
原创作品,转载请注明出处:点我 Swarm介绍 Swarm是Docker公司在2014年12月初发布的一套较为简单的工具,用来管理Docker集群,它将一群Docker宿主机变成一个单一的,虚拟的主机 ...
- Cocos2d-x 3.0final 终结者系列教程07-画图节点Node
在Cocos2d-x中全部能看到的都是引擎调用底层图形库函数绘制完毕的. Cocos2d-x将屏幕全部要绘制的全部内容逻辑上保存到一个场景Scene中(尺寸通常会和屏幕大小一致) 而在Scene中又包 ...
- div上下滚动
<div class="table-scrollable" style='height:601px'></div> <style> .table ...
- 关于Unity中场景视图的使用
1.在任何状态下,按下鼠标中键可以切换到手掌的那个状态,可以移动当前场景 2.在手掌的那个状态,按住鼠标左键是移动场景视图,右键是视角绕着摄像机移动,按住alt+鼠标左键,是绕着指定物体旋转视角 3. ...