Hi,
I noticed a piece of code in HtmlParser.php that stood out: libxml_disable_entity_loader(false); - meaning that the server enables loading an external XML entity.
This makes the app vulnerable to XXE (eXternal XML Entity) attacks.
Vulnerability Analysis
libxml_disable_entity_loader(false)
This explicitly enables loading external entities, which is one of the primary causes of XXE vulnerabilities. It allows the XML parser to process external resources referenced in the XML.
Use of \DOMDocument::loadHTMLFile($url)
The loadHTMLFile method fetches and processes an HTML document from the provided URL. Since libxml_disable_entity_loader(false) is used, it enables the document to include and process external entities if they are defined in the fetched HTML or XML.
Use of simplexml_import_dom($doc)
The simplexml_import_dom function converts a DOMDocument object to a SimpleXML object, which can still be influenced by external entities if the input document ($doc) contains maliciously crafted XML or HTML.
How the Code Processes This Input:
1. The code fetches and loads the malicious document using \DOMDocument::loadHTMLFile($url).
2. External entities (&xxe;) are resolved because libxml_disable_entity_loader(false) allows it.
3. When simplexml_import_dom($doc) processes the document, the external entity is resolved and replaced with the contents of /etc/passwd.
4. The title returned by the method contains sensitive information (/etc/passwd).
Mitigation: To prevent XXE attacks, you need to disable external entity loading.
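One way to apply the mitigation named above, as an added example that is not part of the original issue or the project's code. extractTitle() is a hypothetical name, and the HTML is assumed to have been fetched by the caller's own HTTP client so that libxml never opens a URL itself:

```php
<?php
declare(strict_types=1);

// Added example, not HtmlParser.php's own code. extractTitle() is a
// hypothetical name; $html is assumed to be fetched by the caller.
function extractTitle(string $html): ?string
{
    if ($html === '') {
        return null; // loadHTML() rejects an empty string
    }

    // Deprecated since PHP 8.0, which requires libxml 2.9.0+ where external
    // entity loading is off by default. On older PHP the safe argument is
    // true, never false.
    if (\PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }

    $previous = libxml_use_internal_errors(true); // collect parse errors quietly
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access during parsing.
        // LIBXML_NOENT and LIBXML_DTDLOAD are deliberately not passed:
        // they switch on entity substitution and external DTD loading.
        if (!$doc->loadHTML($html, LIBXML_NONET)) {
            return null;
        }
    } finally {
        // Restore the caller's libxml error handling on every path.
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }

    $titles = $doc->getElementsByTagName('title');
    if ($titles->length === 0) {
        return null;
    }
    $title = trim($titles->item(0)->textContent);
    return $title === '' ? null : $title;
}

// Constructed sample input.
$sample = '<!DOCTYPE html><html><head><title> Example page </title></head>'
        . '<body><p>Hello</p></body></html>';
var_dump(extractTitle($sample));
var_dump(extractTitle('<p>no title here</p>'));
```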