XML Vulnerabilities Flashcards
What is XML?
Extensive Markup Language
Note: It’s a set of codes or tags that defines rules for text in a digital document. It’s readable by both humans and machines. It was designed to store and transport data.
What is XML used for?
It’s used by web apps for authentication and authorization, and for exchanging and uploading data.
How do you protect XML data?
XML data needs to be encrypted and/or protected with input validation.
What attacks is XML vulnerable to?
Spoofing
Request forgery
Code injection
What is an XML Bomb?
Known as the Billion Laughs Attack.
XML encodes entities that expand to exponential sizes, consuming memory and potentially crashing the host.
Essentially, this is a denial-of-service attack.
What is an XML External Entity (XXE)?
An attack that embeds a request for a local resource.
Note: This is how file inclusion attacks occur.
Note: This can be prevented with input validation.
Exam Note: If there is something with XML written in it, and it is clearly XML, it will be an XML vulnerability.
It may be called XML vulnerability, XML exploitation, or XML injection.
HTML uses Keywords: Font, Image, Atrib
XML uses Keywords: Question, ID, Type, Entity