
coercive parsing attack

When studying XML vulnerabilities, I came across the coercive parsing attack. Can anybody say what exactly a coercive parsing attack is (in SOA applications)? How does the attack take place? How can one implement this attack using an XML parser in Java?


For an example implementation of this attack, see the "Billion Laughs Attack."

For a full discussion of the attack, how to test for it, and basic defenses, see the "Web Security Testing Cookbook" recipe on Malicious XML. (Free Google Preview - it's only 3 pages). An excerpt:

"This billion laughs attack abuses the tendency of many XML parsers to keep the entire structure of the XML document in memory as it is parsed ... enough to exhaust a vulnerable program's available memory."

Here are a few other resources:

http://www.ibm.com/developerworks/xml/library/x-tipcfsx.html

http://en.wikipedia.org/wiki/Billion_laughs
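As an added example (not part of the answer above), here is a scaled-down billion laughs payload parsed with the JDK's built-in DOM parser, first with default settings and then with a DOCTYPE-rejecting configuration. The payload uses only 4 levels of 10 references each (about 11,000 expansions) so that it stays under the JDK's default entity expansion limit of 64,000 and the amplification can actually be observed; a real attack uses 9 or more levels. The class name is my own choice, and the hardening feature string is the Xerces feature that ships with the JDK.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class CoerciveParsingDemo {

    // Constructed payload: 4 levels of 10 entity references each, so &lol4;
    // expands to 10^4 copies of "lol" (30,000 characters) from a ~330-byte document.
    // A real billion laughs payload uses ~9 levels (10^9 expansions).
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE lolz [\n" +
        "  <!ENTITY lol \"lol\">\n" +
        "  <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n" +
        "  <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n" +
        "  <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n" +
        "  <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n" +
        "]>\n" +
        "<lolz>&lol4;</lolz>";

    // Parses the document into a DOM tree. With hardened=true the parser refuses any
    // DOCTYPE, which removes entity declarations (and therefore both entity-expansion
    // bombs and external-entity tricks) from the attack surface entirely.
    static Document parse(String xml, boolean hardened) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        if (hardened) {
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            dbf.setXIncludeAware(false);
            dbf.setExpandEntityReferences(false);
        }
        DocumentBuilder db = dbf.newDocumentBuilder();
        return db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Default configuration: the entities are expanded and the whole result is
        // held in memory as DOM text nodes.
        Document doc = parse(PAYLOAD, false);
        int expanded = doc.getDocumentElement().getTextContent().length();
        System.out.printf("payload %d bytes -> %d chars of text (x%d amplification)%n",
            PAYLOAD.length(), expanded, expanded / PAYLOAD.length());

        // Hardened configuration: the parser stops at the <!DOCTYPE and throws.
        try {
            parse(PAYLOAD, true);
            System.out.println("hardened parser accepted the document (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected it: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac CoerciveParsingDemo.java && java CoerciveParsingDemo`. If you raise the payload to 5 or more levels, the default JDK parser will stop it with a "more than 64,000 entity expansions" error (the `jdk.xml.entityExpansionLimit` processing limit) rather than exhausting memory; that limit is the JDK's built-in mitigation, and disallowing the DOCTYPE altogether is the stricter defense when your service never needs a DTD.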


Because web services need to consume messages and XML documents, it is possible to create XML documents which may strain the consuming systems as they try to validate and route them. Send enough of those documents at once and the consuming system may use up all its resources trying to work out whether the messages are good or not, and reject valid messages. Usually you do it by constructing a message with an insanely deep nesting structure, or even recursive nesting.

You'll implement it by constructing such a document and sending it off to the web service.
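As an added example (not part of the answer above), this generates the deeply nested document the answer describes and shows the defensive counterpart: a streaming StAX reader that tracks element depth and aborts as soon as a configurable limit is exceeded, instead of materializing the whole tree the way a DOM parser would. The class name and the depth limit are my own choices.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class DeepNestingDemo {

    // Builds the attacker's document: <a><a><a>...x...</a></a></a> nested `depth` times.
    // Each open tag is only 3 bytes, so a 100,000-deep document is ~700 KB on the wire
    // but forces a tree-building parser to allocate 100,000 element nodes.
    static String deeplyNested(int depth) {
        StringBuilder sb = new StringBuilder("<?xml version=\"1.0\"?>");
        for (int i = 0; i < depth; i++) sb.append("<a>");
        sb.append("x");
        for (int i = 0; i < depth; i++) sb.append("</a>");
        return sb.toString();
    }

    // Streams through the document, counting nesting depth. Throws as soon as the
    // depth exceeds maxDepth, so a hostile document is rejected after reading only
    // the first maxDepth+1 start tags rather than after the whole thing is in memory.
    static int maxDepthSeen(String xml, int maxDepth) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        int depth = 0;
        int deepest = 0;
        try {
            while (reader.hasNext()) {
                int event = reader.next();
                if (event == XMLStreamConstants.START_ELEMENT) {
                    depth++;
                    if (depth > maxDepth) {
                        throw new XMLStreamException(
                            "nesting depth " + depth + " exceeds limit " + maxDepth);
                    }
                    deepest = Math.max(deepest, depth);
                } else if (event == XMLStreamConstants.END_ELEMENT) {
                    depth--;
                }
            }
        } finally {
            reader.close();
        }
        return deepest;
    }

    public static void main(String[] args) throws Exception {
        String benign = deeplyNested(20);
        System.out.println("benign document depth: " + maxDepthSeen(benign, 1000));

        String hostile = deeplyNested(100_000);
        try {
            maxDepthSeen(hostile, 1000);
            System.out.println("hostile document accepted (unexpected)");
        } catch (XMLStreamException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The JDK also exposes a processing limit for this, `jdk.xml.maxElementDepth` (default 0, meaning unlimited), which can be set as a system property or as a parser property; the explicit depth counter above makes the check visible and works with any StAX implementation.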


Generally applications use document type definitions (DTDs) for backward compatibility.
XML definitions allow the use of the "CDATA" element, which allows the otherwise illegal characters '<' and '&'.
All text in an XML document will be parsed by the parser. But text inside the CDATA section will be ignored by parsers, which allows attackers to send possible system commands to the underlying systems and sneak in system commands that could potentially be disastrous; they could allow the attacker to manipulate the host with a series of commands.
They could also be used for injection attacks like XPath injection attacks.

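As an added example (not part of the answer above) for the XPath injection the answer mentions: a login check that concatenates user input into an XPath expression, beside the same check with the input bound to XPath variables through an `XPathVariableResolver`. The user store, the class name and the credentials are constructed for the example.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathInjectionDemo {

    // Constructed sample user store (not real credentials).
    static final String USERS =
        "<users>" +
        "<user><name>alice</name><password>s3cret</password></user>" +
        "<user><name>bob</name><password>hunter2</password></user>" +
        "</users>";

    // Loads the store with a parser that refuses DOCTYPEs, so the data file itself
    // cannot smuggle in entity declarations.
    static Document load(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // VULNERABLE: user input is spliced into the query, so a quote in the password
    // changes the predicate's structure.
    static int loginVulnerable(Document doc, String name, String pwd) throws Exception {
        String expr = "//user[name='" + name + "' and password='" + pwd + "']";
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
            .evaluate(expr, doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    // FIXED: the expression is constant and the input is supplied as XPath variables,
    // so it is compared as a string value and can never be parsed as query syntax.
    static int loginSafe(Document doc, String name, String pwd) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(var -> {
            if (var.getLocalPart().equals("name")) return name;
            if (var.getLocalPart().equals("pwd")) return pwd;
            return null;
        });
        NodeList hits = (NodeList) xp.evaluate(
            "//user[name=$name and password=$pwd]", doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    public static void main(String[] args) throws Exception {
        Document doc = load(USERS);
        String name = "alice";
        String pwd = "' or '1'='1";   // classic injection: turns the predicate into a tautology
        System.out.println("vulnerable query matched " + loginVulnerable(doc, name, pwd) + " user(s)");
        System.out.println("safe query matched      " + loginSafe(doc, name, pwd) + " user(s)");
    }
}
```

With the injected password the vulnerable expression becomes `//user[name='alice' and password='' or '1'='1']`; because `and` binds tighter than `or`, the `'1'='1'` branch is true for every `user` node and both users match, whereas the variable-bound query compares the literal string `' or '1'='1` against each password and matches nobody.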
