XSLT Injection
Reference
Plugin Id: 90017 | CWE: 91
Resource
Remediation
To mitigate the risk of XSLT Injection, the following steps can be taken:
-
Input validation: Validate and sanitize all user input before using it in XSL transformations. This can be done by implementing strict input validation routines and using secure coding practices.
-
Parameterized queries: Use parameterized queries or prepared statements when constructing XSL transformations. This helps to prevent malicious input from being interpreted as code.
-
Least privilege: Ensure that the XSLT processor is running with the least privileges necessary to perform its intended functions. This can help limit the potential impact of an XSLT Injection attack.
-
Secure configuration: Configure the XSLT processor to disable external entity resolution and limit access to sensitive system resources. This can help prevent an attacker from reading system information or accessing files.
About
XSLT Injection is a vulnerability that occurs when an attacker is able to inject malicious code into an XSL transformation. XSLT (Extensible Stylesheet Language Transformations) is a language used to transform XML documents into different formats, such as HTML or plain text.
An attacker can exploit this vulnerability by injecting malicious code into the XSL transformation, which is then executed by the XSLT processor. This can lead to various security risks, including the ability to read system information, read and write files, or execute arbitrary code.
Risks
The risks associated with XSLT Injection include:
-
Information disclosure: An attacker may be able to read sensitive system information, such as configuration files or database credentials, by injecting malicious code into the XSL transformation.
-
File manipulation: By injecting malicious code, an attacker may be able to read or write files on the system. This can lead to unauthorized access to sensitive data or the ability to modify critical system files.
-
Arbitrary code execution: XSLT Injection can allow an attacker to execute arbitrary code on the system. This can lead to complete compromise of the system, allowing the attacker to gain full control over the affected environment.
It is important to address this vulnerability to prevent potential security breaches and protect the integrity and confidentiality of the system and its data.