OWASP Periodic Table of Vulnerabilities - Routing Detour
Root Cause Summary
This is a man in the middle type of attack, where (XML) content processors can be injected to route sensitive information to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, unaware of the modifications.
Browser / Standards Solution
Generic Framework Solution
Provide configuration-based whitelist for WS Routing destinations.
Custom Framework Solution
Custom Code Solution
Discussion / Controversy