CAPEC-230: XML Nested Payloads (CAPEC List Version 2.9)
Attack Pattern ID: 230
Abstraction: Standard
Status: Draft
Completeness: Complete
+ Summary

Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that has an adverse effect on the XML parser while it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can make the XML parser consume more resources during processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of attack results in a denial of service because the application becomes unstable, freezes, or crashes. However, it may be possible to cause a crash that results in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].

+ Attack Execution Flow
Explore
  1. An attacker determines the input data stream that is being processed by an XML parser on the victim's side.

Experiment
  1. An attacker crafts input data that may have an adverse effect on the operation of the XML parser when the data is parsed on the victim's system.

+ Attack Prerequisites
  • An application uses an XML parser to perform transformation on user-controllable data.

  • An application does not perform sufficient validation to ensure that user-controllable data is safe for an XML parser.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Medium

+ Methods of Attack
  • Injection
  • API Abuse
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low (denial of service)

Skill or Knowledge Level: High (arbitrary code execution)

+ Indicators-Warnings of Attack

Bad data is passed to the XML parser, possibly making it crash.

+ Solutions and Mitigations

Carefully validate and sanitize all user-controllable data prior to passing it to the XML parser routine. Ensure that the resultant data is safe to pass to the XML parser.

Perform validation on canonical data.

Pick a robust implementation of an XML parser.

Validate XML against a valid schema or DTD prior to parsing.
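As an added illustration of the mitigations above (example code written for this page, not part of the CAPEC entry and not taken from any particular parser), the following Python script enforces structural limits while parsing with the standard library's expat binding. The parse is aborted from inside the element handlers as soon as nesting depth or element count crosses a bound, so a deeply nested document is rejected before the parser has consumed it. The limit values, the `XmlLimitExceeded` exception and the `nested_document` helper that builds a constructed sample input are assumptions chosen for the example.

```python
import xml.parsers.expat


class XmlLimitExceeded(ValueError):
    """Raised when a document exceeds the configured structural limits (example-specific)."""


def parse_with_limits(data: bytes, max_depth: int = 64, max_elements: int = 10_000) -> dict:
    """Parse `data` with expat while bounding nesting depth and element count.

    Depth and count are tracked in the start/end element handlers, so a
    violation raises immediately instead of after the whole input has been
    processed. For documents within the limits, the observed maximum depth and
    total element count are returned.
    """
    depth = 0
    deepest = 0
    elements = 0
    parser = xml.parsers.expat.ParserCreate()

    def start_element(name, attrs):
        nonlocal depth, deepest, elements
        depth += 1
        elements += 1
        deepest = max(deepest, depth)
        if depth > max_depth:
            raise XmlLimitExceeded(
                f"element <{name}> at depth {depth} exceeds max_depth={max_depth}")
        if elements > max_elements:
            raise XmlLimitExceeded(
                f"element count {elements} exceeds max_elements={max_elements}")

    def end_element(name):
        nonlocal depth
        depth -= 1

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    # An exception raised inside a handler propagates out of Parse(), which
    # stops expat from reading the remainder of the input.
    parser.Parse(data, True)
    return {"max_depth": deepest, "elements": elements}


def nested_document(depth: int, tag: bytes = b"r") -> bytes:
    """Build a constructed sample document of `depth` nested elements (test input only)."""
    return (b"<" + tag + b">") * depth + b"x" + (b"</" + tag + b">") * depth


if __name__ == "__main__":
    # Constructed inputs: a small ordinary document and a 500-level nested one.
    print(parse_with_limits(b"<a><b>hi</b><b/></a>"))
    try:
        parse_with_limits(nested_document(500), max_depth=64)
    except XmlLimitExceeded as exc:
        print("rejected:", exc)
```

These limits bound only the document's structure; entity expansion is a separate parser concern and should be controlled with the parser's own settings, alongside the schema or DTD validation the entry recommends.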

+ Attack Motivation-Consequences
Scope                                            Technical Impact                          Note
Availability                                     DoS: resource consumption (memory)
Confidentiality                                  Read memory
Confidentiality, Integrity, Availability         Execute unauthorized code or commands
Confidentiality, Access Control, Authorization   Gain privileges / assume identity
+ Injection Vector

Application XML-compliant interface

+ Payload

User-controllable XML code

+ Activation Zone

The XML parser code.

+ Purposes
  • Penetration
  • Exploitation
+ CIA Impact
Confidentiality Impact: Medium
Integrity Impact: High
Availability Impact: High
+ Technical Context
Architectural Paradigms
Client-Server
SOA
Frameworks
All
Platforms
All
Languages
All
+ References
[R.230.1] [REF-43] Shlomo, Yona. "XML Parser Attacks: A summary of ways to attack an XML Parser". What is an XML Parser Attack?. 2007. <http://yeda.cs.technion.ac.il/~yona/talks/xml_parser_attacks/slides/slide2.html>.
+ Content History
Submissions
Submitter            Organization            Date         Source
CAPEC Content Team   The MITRE Corporation   2014-06-23   Internal_CAPEC_Team

Page Last Updated or Reviewed: December 07, 2015