...
| Code Block | ||
|---|---|---|
| ||
class CustomResolver implements EntityResolver {
public InputSource resolveEntity(String publicId, String systemId)
throws SAXException, IOException {
// check for known good entities
String entityPath = "/home/username/java/xxe/file";
if (systemId.equals(entityPath)) {
System.out.println("Resolving entity: " + publicId +
" " + systemId);
return new InputSource(entityPath);
} else {
return new InputSource(); // Disallow unknown entities
// by returning a blank path
}
}
}
class XXE {
private static void receiveXMLStream(InputStream inStream,
DefaultHandler defaultHandler)
throws ParserConfigurationException, SAXException, IOException {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
// To set the Entity Resolver, an XML reader needs to be created
XMLReader reader = saxParser.getXMLReader();
reader.setEntityResolver(new CustomResolver());
reader.setErrorHandlersetContentHandler(defaultHandler);
InputSource is = new InputSource(inStream);
reader.parse(is);
}
public static void main(String[] args)
throws ParserConfigurationException, SAXException, IOException {
receiveXMLStream(new FileInputStream("evil.xml"),
new DefaultHandler());
}
}
|
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="40193c89fbdc14fb-6dfb2808-411946fb-9fdba271-4ec1ead4072b8137190f8f0b"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Injection [RST] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-116. Improper encoding or escaping of output |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1a79c44cf884ef70-c9de714e-49564d60-b7bba1a2-363fa3692529a42960e9e3f8"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. References#OWASP 05]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cf5d3acfe731e270-0c6f1365-45f1452d-a6c9a57b-005eb8606cf13ece0820ffa5"><ac:plain-text-body><![CDATA[ | [[OWASP 2007 | AA. References#OWASP 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b6b7fa9378543954-85ec3b62-456d46e7-8cd988b5-98e26507ab44bb2edf0e4f4f"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. References#OWASP 08]] | [Testing for XML Injection (OWASP-DV-008) | https://www.owasp.org/index.php/Testing_for_XML_Injection_%28OWASP-DV-008%29] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7cff9d69b46f5dc2-508001e6-4ee04bf9-b10a851d-6e4ab308798f384c6b7013a6"><ac:plain-text-body><![CDATA[ | [[W3C 2008 | AA. References#W3C 08]] | 4.4.3, Included If Validating | ]]></ac:plain-text-body></ac:structured-macro> |
...