...
| Code Block | ||
|---|---|---|
| ||
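/**
 * Entity resolver that serves exactly one allow-listed external entity and refuses
 * everything else, so a DOCTYPE in untrusted input cannot make the parser open an
 * arbitrary file or URL.
 */
class CustomResolver implements EntityResolver {
    /** Location of the single external entity this resolver is willing to hand to the parser. */
    static final String DEFAULT_ENTITY_PATH = "/home/username/java/xxe/file";

    private final String entityPath;

    /** Resolver allowing only {@link #DEFAULT_ENTITY_PATH}. */
    CustomResolver() {
        this(DEFAULT_ENTITY_PATH);
    }

    /**
     * Resolver allowing only the given entity location.
     *
     * @param entityPath the one system identifier that may be resolved; must not be null
     * @throws NullPointerException if {@code entityPath} is null
     */
    CustomResolver(String entityPath) {
        if (entityPath == null) {
            throw new NullPointerException("entityPath");
        }
        this.entityPath = entityPath;
    }

    /**
     * Resolves an external entity only when its system identifier exactly matches the
     * allow-listed path.
     *
     * @param publicId public identifier of the entity, may be null
     * @param systemId system identifier of the entity, may be null
     * @return an {@link InputSource} for the allow-listed path, or an empty
     *     {@link InputSource} (no stream, no system id) for any other entity
     * @throws SAXException never thrown here; declared by the interface
     * @throws IOException never thrown here; declared by the interface
     */
    @Override
    public InputSource resolveEntity(String publicId, String systemId)
            throws SAXException, IOException {
        // Compare from the constant side: a null systemId is refused instead of raising
        // a NullPointerException from inside the parser callback.
        // NOTE(review): parsers commonly pass an absolute URI (e.g. file:///...) as
        // systemId; confirm the expected form before relying on an exact path match.
        if (entityPath.equals(systemId)) {
            System.out.println("Resolving entity: " + publicId + " " + systemId);
            return new InputSource(entityPath);
        }
        // Unknown entity: hand back an InputSource with no stream and no system id so the
        // parser never opens a document-chosen resource.
        return new InputSource();
    }
}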
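/** Parses an untrusted XML stream with an allow-listing entity resolver installed. */
class XXE {
    /**
     * Parses the document on {@code inStream} with SAX, routing every external entity
     * reference through {@link CustomResolver}.
     *
     * @param inStream the XML document to parse; not closed by this method
     * @param defaultHandler receives content and error callbacks
     * @throws ParserConfigurationException if the parser cannot be configured
     * @throws SAXException on XML errors or if a feature is not supported
     * @throws IOException on read errors
     */
    private static void receiveXMLStream(InputStream inStream, DefaultHandler defaultHandler)
            throws ParserConfigurationException, SAXException, IOException {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        // Turns on the JDK parser's processing limits (e.g. entity expansion); which
        // external entities are opened is still decided by CustomResolver. If external
        // entities are not needed at all, prefer the Xerces feature
        // "http://apache.org/xml/features/disallow-doctype-decl" instead.
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        SAXParser saxParser = factory.newSAXParser();
        // The entity resolver is set on the XMLReader, not on the SAXParser.
        XMLReader reader = saxParser.getXMLReader();
        reader.setEntityResolver(new CustomResolver());
        // Original had these two calls fused into one non-existent method name.
        reader.setContentHandler(defaultHandler);
        reader.setErrorHandler(defaultHandler);
        reader.parse(new InputSource(inStream));
    }

    /**
     * Entry point: parses {@code evil.xml} from the working directory.
     *
     * @param args ignored
     */
    public static void main(String[] args)
            throws ParserConfigurationException, SAXException, IOException {
        // try-with-resources closes the file even when parsing fails.
        try (InputStream in = new FileInputStream("evil.xml")) {
            receiveXMLStream(in, new DefaultHandler());
        }
    }
}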
|
...
| [ISO/IEC TR 24772:2010](http://www.aitcnet.org/isai/) | Injection [RST] |
CWE-116. Improper encoding or escaping of output |
...
| [[OWASP 2005 | AA. References#OWASP 05]] | |
| [[OWASP 2007 | AA. References#OWASP 07]] | |
| [[OWASP 2008 | AA. References#OWASP 08]] | [Testing for XML Injection (OWASP-DV-008)](https://www.owasp.org/index.php/Testing_for_XML_Injection_%28OWASP-DV-008%29) |
| [[W3C 2008 | AA. References#W3C 08]] | 4.4.3, Included If Validating |
...