No surprises for us given that we've discussed this and related issues
here several times over the last few years, but nice to see it getting
a wider circulation. And unlike the theoretical discussions we've had,
this guy has gone out and tested existing software ...
http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0
Gregory Steuck security advisory #1, 2002
Overview:
XXE (Xml eXternal Entity) attack is an attack on an application that
parses XML input from untrusted sources using an incorrectly configured
XML parser. The application may be coerced to open arbitrary files
and/or TCP connections.
Cheers,
Miles
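
Added example, not part of the original post or the advisory: a pre-parse check that flags the external DTD and external entity declarations the overview refers to, so an application can refuse such input before handing it to its real parser. The function names and the sample documents are constructed for illustration.

```python
from xml.parsers import expat


def external_references(data):
    """Return one finding per external DTD or external entity declared in data."""
    findings = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE root SYSTEM "..."> points the parser at an external DTD.
        if system_id is not None or public_id is not None:
            findings.append(f"external DTD subset: {system_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry a system id.
        if value is None:
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity {name}: {system_id}")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is installed, so this check fetches nothing itself.
    parser.Parse(data, True)
    return findings


def accept_untrusted(data):
    """Policy used here (an assumption): reject any document with external references."""
    return not external_references(data)


# Constructed sample documents.
BENIGN = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY co "Example Ltd">]>'
          b'<order>&co;</order>')
EXTERNAL_ENTITY = (b'<!DOCTYPE order [<!ENTITY ext SYSTEM '
                   b'"file:///constructed/placeholder.txt">]><order>&ext;</order>')
EXTERNAL_DTD = b'<!DOCTYPE order SYSTEM "http://example.invalid/order.dtd"><order/>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("entity", EXTERNAL_ENTITY),
                       ("dtd", EXTERNAL_DTD)]:
        print(label, accept_untrusted(doc), external_references(doc))
```

A stricter policy is to reject every document that carries a DOCTYPE at all, which also removes internal entity expansion from consideration.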