XML External Entity attack
解析外部xml给本地带来的安全隐患。
https://en.wikipedia.org/wiki/XML_external_entity_attack
An XML External Entity (XXE) attack[1][2] is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network.
The XML standard includes the idea of an external general parsed entity (an external entity). During parsing of the XML document, the parser will expand these links and include the content of the URI in the returned XML document.
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
The XML 1.0 standard defines the structure of an XML document. The standard defines a concept called an entity, which is a storage unit of some type. There are a few different types of entities, external general/parameter parsed entity often shortened to external entity, that can access local or remote content via a declared system identifier. The system identifier is assumed to be a URI that can be dereferenced (accessed) by the XML processor when processing the entity. The XML processor then replaces occurrences of the named external entity with the contents dereferenced by the system identifier. If the system identifier contains tainted data and the XML processor dereferences this tainted data, the XML processor may disclose confidential information normally not accessible by the application. Similar attack vectors apply the usage of external DTDs, external stylesheets, external schemas, etc. which, when included, allow similar external resource inclusion style attacks.
Attacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier. Since the attack occurs relative to the application processing the XML document, an attacker may use this trusted application to pivot to other internal systems, possibly disclosing other internal content via http(s) requests or launching a CSRF attack to any unprotected internal services. In some situations, an XML processor library that is vulnerable to client-side memory corruption issues may be exploited by dereferencing a malicious URI, possibly allowing arbitrary code execution under the application account. Other attacks can access local resources that may not stop returning data, possibly impacting application availability if too many threads or processes are not released.
Note that the application does not need to explicitly return the response to the attacker for it to be vulnerable to information disclosures. An attacker can leverage DNS information to exfiltrate data through subdomain names to a DNS server that he/she controls.
XML External Entity attack的更多相关文章
- XXE(XML External Entity attack)XML外部实体注入攻击
导语 XXE:XML External Entity 即外部实体,从安全角度理解成XML External Entity attack 外部实体注入攻击.由于程序在解析输入的XML数据时,解析了攻击者 ...
- XML External Entity attack/XXE攻击
XML External Entity attack/XXE攻击 1.相关背景介绍 可扩展标记语言(eXtensible Markup Language,XML)是一种标记语言,被设计用来传输和存 ...
- Microsoft Internet Explorer v11 XML External Entity Injection 0day
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org[+] Source: http://hyp3 ...
- 【译】Attacking XML with XML External Entity Injection (XXE)
原文链接:Attacking XML with XML External Entity Injection (XXE) XXE:使用XML外部实体注入攻击XML 在XML中,有一种注入外部文件的方式. ...
- 4.XXE (XML External Entity Injection)
XXE (XML External Entity Injection) 0x01 什么是XXE XML外部实体注入 若是PHP,libxml_disable_entity_loader设置为TRUE可 ...
- XML External Entity Injection(XXE)
写在前面 安全测试fortify扫描接口项目代码,暴露出标题XXE的问题, 记录一下.官网链接: https://www.owasp.org/index.php/XML_External_Entity ...
- Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org[+] Source: http://hyp3 ...
- Fortify漏洞之XML External Entity Injection(XML实体注入)
继续对Fortify的漏洞进行总结,本篇主要针对 XML External Entity Injection(XML实体注入) 的漏洞进行总结,如下: 1.1.产生原因: XML External ...
- Portswigger web security academy:XML external entity (XXE) injection
Portswigger web security academy:XML external entity (XXE) injection 目录 Portswigger web security aca ...
随机推荐
- 高性能爬虫——asynicio模块
一 背景知识 爬虫的本质就是一个socket客户端与服务端的通信过程,如果我们有多个url待爬取,只用一个线程且采用串行的方式执行,那只能等待爬取一个结束后才能继续下一个,效率会非常低. 需要强调 ...
- 【转】Linux中多线程wait使用注意
使用管道生成的while,是无法进行并发管理的 在处理日志的时候,采用管道多线程,怎么都实现不了wait功能,经上篇文章才知道,使用管道生成的while,无法进行并发管理. while read qu ...
- <unistd.h>的close(0)导致std::cout被关闭
代码如下:其中ZJ::open_max返回系统允许的打开的文件的最大个数 #include "util.h" #include <unistd.h> // int cl ...
- 使用Cookie报错Control character in cookie value, consider BASE64 encoding your value
参考资料: http://www.blogjava.net/persister/archive/2009/10/02/297103.html http://blog.csdn.net/xiaozhen ...
- Django REST framework 知识点总结
一.安装DjangoREST framework #先安装Django #安装必要的包 pip install djangorestframework coreapi (1.32.0+) - Sche ...
- spring配置:context:property-placeholder 读取配置文件信息 在配置文件中使用el表达式填充值
spring将properties文件读取后在配置文件中直接将对象的配置信息填充到bean中的变量里. 原本使用PropertyPlaceholderConfigurer类进行文件信息配置.Prope ...
- go json解析
JSON转换库为 encoding/json 把对象转换为JSON的方法(函数)为 json.Marshal(),其函数原型如下 func Marshal(v interface{}) ([]byte ...
- 10 部署应用程序和applet
跳过 09 Swing用户界面组件 JAR文件 在将应用程序进行打包时, 使用者一定希望仅提供给其一个单独的文件, 而不是一个含有大量类文件的目录, Java归档(JAR)文件就是为此目的而设计的. ...
- 燕十八mysql笔记
mysql复习 一:复习前的准备 1:确认你已安装wamp 2:确认你已安装ecshop,并且ecshop的数据库名为shop 二 基础知识: 1.数据库的连接 mysql -u -p -h -u 用 ...
- SQL on Hadoop 的真相(2)
转自:http://blog.jobbole.com/87159/ 这是一组系列博客,目的是详尽介绍 SQL-on-Hadoop .该系列的第一篇会介绍一些存储引擎和在线事务处理(简称 OLTP )相 ...