Possible XML, Shell Injection
Priority: Won't have this time
Testing the security of my site with Backtrack returned some security warnings about possible XML and Shell Injection:
has detected a possible XML injection vulnerability. XML injection can occur when externally supplied data that has not been sufficiently validated is used to create an XML document. It is possible for this data to corrupt the structure of the documents. The possible consequences depend on the XML document and what it is used for.
- has detected that it may be possible to corrupt the structure of a server-side XML document.
- This could affect the logic of the application, depending on how the XML document is used.
- An XML injection vulnerability can lead to a loss of integrity of the data used or stored by the application.
Updated by Mario Garcia over 1 year ago
Message about Shell Injection:
Command injection vulnerabilities often occur when inadequately sanitized externally supplied data is used as part of a system command executed through a command interpreter, or shell. Vulnerabilities such as these can be exploited by using shell metacharacters to run additional commands that were not intended to be executed by the application developer. The system() function, and derivatives, are often responsible, as these functions are very simple to use. These vulnerabilities can grant remote access to attackers, if exploited successfully.
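To help triage the shell injection warning, the following added example (not part of the original report or of the project's code) runs the same constructed input through a shell-parsed command string, as system() would, and through the safer alternatives. The field value, function names and the hostname allow-list are assumptions made for illustration.

```python
import re
import shlex
import subprocess

# Constructed input for a hypothetical "host" form field: a valid-looking
# name followed by a shell metacharacter and a harmless marker command.
UNTRUSTED = "example.invalid; echo INJECTED"

# Assumed allow-list: letters, digits, dots and hyphens only.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def _lines(cmd, shell):
    """Run a command and return its stdout as a list of lines."""
    done = subprocess.run(cmd, shell=shell, capture_output=True,
                          text=True, check=True)
    return done.stdout.splitlines()


def via_shell_string(value):
    """Vulnerable pattern (what system() does): /bin/sh parses the whole
    string, so metacharacters in the value become shell syntax."""
    return _lines("echo lookup " + value, shell=True)


def via_argv(value):
    """No shell involved: the value is passed as exactly one argv element."""
    return _lines(["echo", "lookup", value], shell=False)


def via_quoted_shell(value):
    """If a shell cannot be avoided, quote the value for POSIX sh first."""
    return _lines("echo lookup " + shlex.quote(value), shell=True)


def is_hostname(value):
    """Allow-list check applied before the value reaches any command."""
    return HOSTNAME_RE.fullmatch(value) is not None


if __name__ == "__main__":
    print("shell string :", via_shell_string(UNTRUSTED))
    print("argv list    :", via_argv(UNTRUSTED))
    print("quoted shell :", via_quoted_shell(UNTRUSTED))
    print("passes check :", is_hostname(UNTRUSTED))
```

A second output line from the shell-string variant confirms the finding pattern; the argv and quoted variants keep the whole value as data, and the allow-list rejects it before any command is built.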