WebApp Sec mailing list archives
XML Port Scanning
From: "Paul Theriault" <paul.theriault () sift com au>
Date: Wed, 27 Sep 2006 14:18:40 +1000
SIFT has released a new Intelligence Report that provides a discussion on a new network reconnaissance technique, using XML for completing remote port scans that effectively bypass a perimeter firewall. The technique utilises properties of XML parsers to perform the scanning of systems, and while the technique relies on some reasonably specific implementation details in order to be exploitable remotely, it is potentially applicable to any application that accepts XML document inputs. Several workarounds exist and have been detailed in this paper and the technique does not offer the ability to perform advanced fingerprinting or analysis of the underlying operating system of hosts. However, this technique demonstrates the danger that inadequately configured XML parsers can pose to an organisation and highlights the inability of traditional network security devices to handle application-level threats. The report is available for download from the SIFT website: http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perime ter-firewalls.htm Regards, Paul Theriault www.sift.com.au ------------------------------------------------------------------------- Sponsored by: Watchfire It's been reported that 75% of websites are vulnerable to attack. That's because hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longer apply. Download the "Addressing Challenges in Application Security" whitepaper today, and see for yourself. https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmw --------------------------------------------------------------------------
Current thread:
- XML Port Scanning Paul Theriault (Sep 26)
- XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning) Jan P. Monsch (Sep 27)