File:OWASP Switzerland Meeting 2015-06-17 XSLT SSRF ENG.pdf

OWASP_Switzerland_Meeting_2015-06-17_XSLT_SSRF_ENG.pdf (file size: 1.52 MB, MIME type: application/pdf)

An XSLT processor is a piece of software for manipulating XML files or transforming them into other file formats. XSLT processors are very feature-rich, which makes them interesting in the context of information security. For example, it is possible to include other files or even run commands. These processors also make it possible to perform so-called Server-Side Request Forgery (SSRF). SSRF is a technique that triggers a request on the vulnerable host, so an attacker can reach remote machines that are not directly accessible to the attacker. In a student project at the Hochschule für Technik Rapperswil (HSR), we did some testing on vulnerabilities of XSLT processors and the ability to use them for SSRF. In our talk we will present the test results and show a live demonstration. You will see which processor is vulnerable to which vulnerabilities and what a developer can do to use them safely.

File history

Current version: 14:57, 1 July 2015 (1.52 MB), uploaded by Schattenbaum