This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. XXE in XSL stylesheet functionality in a common library used by some web browsers. XXE in product that performs large-scale data analysis. XXE in web-based administration tool for database. XXE in office document product using RDF. ![]() XXE in database server XXE in rapid web application development framework allows reading arbitrary files. XXE during SVG image conversion XXE in PHP application allows reading the application's configuration file. A browser control can allow remote attackers to determine the existence of files via Javascript containing XML script. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Many XML parsers and validators can be configured to disable external entity expansion. An acronym used for the term "XML eXternal Entities" Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.ĬWE-611 : Improper Restriction of XML External Entity Reference ![]() In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack.
0 Comments
Leave a Reply. |