Bug #33542
Possible XML, Shell Injection
| Status: | Resolved | Start date: | 2012-01-30 |
|---|---|---|---|
| Priority: | Won't have this time | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Vulnerability | | |
| Target version: | - | | |
| Votes: | 0 | | |
Description
Testing the security of my site with Backtrack returned some security warnings about possible XML and Shell Injection.
Message:
as detected a possible XML injection vulnerability. XML injection can occur when externally supplied data that has not been sufficiently validated is used to create an XML document. It is possible for this data to corrupt the structure of the documents. The possible consequences depend on the XML document and what it is used for.
- has detected that it may be possible to corrupt the structure of a server-side XML document.
- This could affect the logic of the application, depending on how the XML document is used.
- An XML injection vulnerability can lead to a loss of integrity of the data used or stored by the application.
- XML may be an injection vector that bypasses content filters (e.g. including javascript in a CDATA section).
History
Updated by Mario Garcia over 1 year ago
Message about Shell Injection:
Command injection vulnerabilities often occur when inadequately sanitized externally supplied data is used as part of a system command executed through a command interpreter, or shell. Vulnerabilities such as these can be exploited by using shell metacharacters to run additional commands that were not intended to be executed by the application developer. The system() function, and derivatives, are often responsible, as these functions are very simple to use. These vulnerabilities can grant remote access to attackers, if exploited successfully.
Updated by Felix Nagel about 1 year ago
- Category set to Vulnerability
Updated by Dmitry Dulepov about 1 year ago
- Status changed from New to Resolved
- Priority changed from Should have to Won't have this time
The report is too generic and does not provide any useful information to identify or fix issues.