Major Description
| XML external entity injection. The tag <!DOCTYPE foo [<!ENTITY xxeiltvf SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the server. Such a tag defines an external entity, *xxeiltvf, which references a file on the server's filesystem. This entity could then be used within a data field in the XML document. The server's response contains the contents of the specified file, which could expose sensitive data. XML entity expansion attacks must also be prevented. The tag <!DOCTYPE foo [<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1 "&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY xeevowya3 "&xeevowya2;&xeevowya2;">]> could be injected into XML. Such a tag creates a series of entities, each of which is recursively defined using the value of the preceding entity. The final entity can then be used within a data field in the XML document. The server's response contains the recursively expanded value of this entity. This could serve as a DOS attack vector. |