
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

If the RSS aggregator is vulnerable, the attacker will see the contents of /etc/passwd on the vulnerable aggregator while viewing the attack RSS feed.

Simply by uploading an XML file, the attacker can even have the files sent back to the attacker. This is great for attacking backend systems where the attacker will never see the output of the XML file. Create one entity to load a sensitive file on the server (say c:\boot.ini) and create another entity that loads a URL on the attacker's site with the former entity embedded in the request, like so:



]>
&sendbootini;
Obviously, this attack can lead to arbitrary file disclosure on the vulnerable web server. It is not limited to RSS feeds: it can be mounted against any web application that accepts and parses XML documents.

It's amazing how many web applications integrate RSS feeds as an add-on feature. These applications tend to add this feature as an afterthought and are vulnerable to this attack.
Preventing XXE Attacks
To protect against XXE attacks, simply instruct the XML parser you use to prohibit external entities.
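Added example, not code from the book: a small feed parser written with Python's standard-library xml.sax and hardened along the lines the text recommends. It first refuses any document that carries a DOCTYPE or entity declaration at all (a feed needs neither), and then, as the parser-level control, switches off external general and parameter entity resolution; the two sample feeds at the bottom are constructed for the demonstration.

```python
import re
import xml.sax
from io import BytesIO
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

DTD_MARKER = re.compile(r"<!DOCTYPE|<!ENTITY", re.IGNORECASE)

def has_dtd(doc):
    # A feed never needs a DOCTYPE or entity declarations; decode bytes first (UTF-16 on a BOM) so a re-encoded DOCTYPE is still caught.
    if isinstance(doc, bytes):
        doc = doc.decode("utf-16" if doc.startswith((b"\xff\xfe", b"\xfe\xff")) else "utf-8", errors="replace")
    return DTD_MARKER.search(doc) is not None

class TitleCollector(ContentHandler):
    # Collects the text of every <title> element, which is where the entity would be expanded.
    def __init__(self):
        super().__init__()
        self.titles, self._buf = [], None
    def startElement(self, name, attrs):
        if name == "title":
            self._buf = []
    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)
    def endElement(self, name):
        if name == "title":
            self.titles.append("".join(self._buf))
            self._buf = None

def make_hardened_parser():
    # The parser-level fix from the text: never resolve external general or parameter entities.
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)
    return parser

def parse_feed_titles(doc, reject_dtd=True):
    # Parse an untrusted feed. With reject_dtd a document carrying a DTD is refused outright;
    # without it, the hardened parser still expands the external entity to nothing.
    if reject_dtd and has_dtd(doc):
        raise ValueError("feed rejected: DOCTYPE/ENTITY declarations are not allowed")
    handler, parser = TitleCollector(), make_hardened_parser()
    parser.setContentHandler(handler)
    parser.parse(BytesIO(doc if isinstance(doc, bytes) else doc.encode("utf-8")))
    return handler.titles

# Constructed sample inputs: a benign feed and one carrying the file-reading entity from the text.
CLEAN_FEED = b'<?xml version="1.0"?><rss><channel><title>Example feed</title></channel></rss>'
XXE_FEED = (b'<?xml version="1.0"?><!DOCTYPE rss [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
            b'<rss><channel><title>&xxe;</title></channel></rss>')
```

The DTD check is the cheaper, stricter control; the parser features are what keep you safe if a DTD-bearing document ever reaches the parser anyway.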

