Meow's CyberAttack - Application/Server Attacks - Injection - XML injection
book: S+ 7th ch9
XML Injection
XML stands for extensible markup language. XML is designed to transport and store data.
XML injection attack:
- Users enter values into a query against XML data (the query language is known as XPath), using values crafted to take advantage of exploits.
- XPath works in a similar manner to SQL.
- XPath does not have the same levels of access control, so taking advantage of weaknesses can return entire documents.
prevention
- Best way to prevent: filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should.
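An added example (not from the original notes or the book) of the input filtering described above, in Python with the standard-library ElementTree: values are checked against an allow-list before they reach the XPath expression. The sample document, the allow-list pattern and all function names are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample document (not from the original page).
USERS_XML = """
<users>
  <user><name>alice</name><password>s3cret</password><role>admin</role></user>
  <user><name>bob</name><password>hunter2</password><role>staff</role></user>
</users>
"""

# Assumed allow-list: letters, digits and a few punctuation marks.
# Quotes, brackets, spaces and '=' can never reach the expression.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def load_users():
    return ET.fromstring(USERS_XML)


def unsafe_query(name, password):
    """Pattern to avoid: input is pasted straight into the expression.
    Returned as a string only, to show how a quote changes the predicate."""
    return "./user[name='%s' and password='%s']" % (name, password)


def validate(value):
    """Reject anything outside the allow-list instead of trying to repair it."""
    if not ALLOWED.fullmatch(value):
        raise ValueError("rejected input: %r" % value)
    return value


def safe_query(name, password):
    # Chained predicates, because ElementTree's XPath subset has no 'and'.
    return "./user[name='%s'][password='%s']" % (validate(name), validate(password))


def login(root, name, password):
    """Return the user's role, or None on bad credentials or rejected input."""
    try:
        query = safe_query(name, password)
    except ValueError:
        return None
    match = root.find(query)
    return None if match is None else match.findtext("role")
```

Where the XPath library supports variable binding, passing user values as variables keeps them out of the expression text altogether and is preferable to filtering alone.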
This post is licensed under CC BY 4.0 by the author.