解析外部xml给本地带来的安全隐患。

https://en.wikipedia.org/wiki/XML_external_entity_attack

An XML External Entity (XXE) attack[1][2] is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network.

The XML standard includes the idea of an external general parsed entity (an external entity). During parsing of the XML document, the parser will expand these links and include the content of the URI in the returned XML document.

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

The XML 1.0 standard defines the structure of an XML document. The standard defines a concept called an entity, which is a storage unit of some type. There are a few different types of entities, external general/parameter parsed entity often shortened to external entity, that can access local or remote content via a declared system identifier. The system identifier is assumed to be a URI that can be dereferenced (accessed) by the XML processor when processing the entity. The XML processor then replaces occurrences of the named external entity with the contents dereferenced by the system identifier. If the system identifier contains tainted data and the XML processor dereferences this tainted data, the XML processor may disclose confidential information normally not accessible by the application. Similar attack vectors apply the usage of external DTDs, external stylesheets, external schemas, etc. which, when included, allow similar external resource inclusion style attacks.

Attacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier. Since the attack occurs relative to the application processing the XML document, an attacker may use this trusted application to pivot to other internal systems, possibly disclosing other internal content via http(s) requests or launching a CSRF attack to any unprotected internal services. In some situations, an XML processor library that is vulnerable to client-side memory corruption issues may be exploited by dereferencing a malicious URI, possibly allowing arbitrary code execution under the application account. Other attacks can access local resources that may not stop returning data, possibly impacting application availability if too many threads or processes are not released.

Note that the application does not need to explicitly return the response to the attacker for it to be vulnerable to information disclosures. An attacker can leverage DNS information to exfiltrate data through subdomain names to a DNS server that he/she controls.

XML External Entity attack的更多相关文章

  1. XXE(XML External Entity attack)XML外部实体注入攻击

    导语 XXE:XML External Entity 即外部实体,从安全角度理解成XML External Entity attack 外部实体注入攻击.由于程序在解析输入的XML数据时,解析了攻击者 ...

  2. XML External Entity attack/XXE攻击

    XML External Entity attack/XXE攻击   1.相关背景介绍 可扩展标记语言(eXtensible Markup Language,XML)是一种标记语言,被设计用来传输和存 ...

  3. Microsoft Internet Explorer v11 XML External Entity Injection 0day

    [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org[+] Source:  http://hyp3 ...

  4. 【译】Attacking XML with XML External Entity Injection (XXE)

    原文链接:Attacking XML with XML External Entity Injection (XXE) XXE:使用XML外部实体注入攻击XML 在XML中,有一种注入外部文件的方式. ...

  5. 4.XXE (XML External Entity Injection)

    XXE (XML External Entity Injection) 0x01 什么是XXE XML外部实体注入 若是PHP,libxml_disable_entity_loader设置为TRUE可 ...

  6. XML External Entity Injection(XXE)

    写在前面 安全测试fortify扫描接口项目代码,暴露出标题XXE的问题, 记录一下.官网链接: https://www.owasp.org/index.php/XML_External_Entity ...

  7. Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

    [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org[+] Source:  http://hyp3 ...

  8. Fortify漏洞之XML External Entity Injection(XML实体注入)

    继续对Fortify的漏洞进行总结,本篇主要针对  XML External Entity Injection(XML实体注入) 的漏洞进行总结,如下: 1.1.产生原因: XML External ...

  9. Portswigger web security academy:XML external entity (XXE) injection

    Portswigger web security academy:XML external entity (XXE) injection 目录 Portswigger web security aca ...

随机推荐

  1. Roslyn介绍

    介绍 一般来说,编译器是一个黑箱,源代码从一端进入,然后箱子中发生一些奇妙的变化,最后从另一端出来目标文件或程序集.编译器施展它们的魔法,它们必须对所处理的代码进行深入的理解,不过相关知识不是每个人都 ...

  2. oracle中select clob的返回类型

    当select的字段是clob类型的数据时,但是数据长度在2000字节到4000字节时,默认转为long类型. 所以当用insert into select的时候,预期插入的是clob类型,但是报or ...

  3. love2d--glsl01简单的渲染

    love2d一个好玩的地方是支持glsl1.2,并修改简化,glsl1.2的文档 地址为:http://www.opengl.org/registry/doc/GLSLangSpec.Full.1.2 ...

  4. Linux下HTTP Server

    想在Linux下实现一个简单的web Server并不难.一个最简单的HTTP Server不过是一个高级的文件服务器,不断地接收客户端(浏览器)发送的HTTP请求,解析请求,处理请求,然后像客户端回 ...

  5. BZOJ 3922 - Karin的弹幕

    Karin的弹幕 Problem's Link ---------------------------------------------------------------------------- ...

  6. WINDOWS中设置计划任务执行PHP文件

    1.写一个PHP程序,命名为test.php,内容如下所示: <? $fp = fopen("test.txt", "a+"); fwrite($fp, ...

  7. 【BZOJ】2301: [HAOI2011]Problem b(莫比乌斯+分块)

    http://www.lydsy.com/JudgeOnline/problem.php?id=2301 和这题不是差不多的嘛--[BZOJ]1101: [POI2007]Zap(莫比乌斯+分块) 唯 ...

  8. 【BZOJ】1651: [Usaco2006 Feb]Stall Reservations 专用牛棚(线段树/前缀和 + 差分)

    http://www.lydsy.com/JudgeOnline/problem.php?id=1651 很奇妙.. 我们发现,每一时刻的重叠数选最大的就是答案.... orz 那么我们可以线段树维护 ...

  9. thinkPHP中phpexcel的导出功能

    public function wExcel() { vendor("PHPExcel.PHPExcel"); // Create new PHPExcel object $obj ...

  10. MyBitis(iBitis)系列随笔之六:mybitis与spring集成

    目前Spring官方还没有出整合Mybatis的特性,但是mybitis比较给力,开发了一个mybatis-spring插件,达到与Spring的完美整合目的. 在与Spring集成前,一方面我们需要 ...