File:OWASP Switzerland Meeting 2015-06-17 XSLT SSRF ENG.pdf

An XSLT processor is a piece of software that manipulates XML files or transforms them into other file formats. These processors are very feature-rich, which makes them interesting in the context of information security: for example, a stylesheet can include other files or even run commands. They also allow so-called Server-Side Request Forgery (SSRF), a technique that makes the vulnerable host issue a request on the attacker's behalf, so that an attacker can reach remote machines that are not directly accessible to them. In a student project at the Hochschule für Technik Rapperswil (HSR), we tested XSLT processors for vulnerabilities and for their usability for SSRF. In our talk we will present the test results and give a live demonstration. You will see which processor is vulnerable to which vulnerabilities and what a developer can do to use them safely.
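The following is an added example, not code from the talk or the HSR project, assuming the lxml binding to libxslt (Python). It runs one stylesheet whose `document()` call takes a caller-supplied URI, the primitive behind the file inclusion and SSRF behaviour described above, first with the processor's default settings and then with lxml's `XSLTAccessControl.DENY_ALL`, and shows that only the hardened run keeps the file contents out of the output; the sample file and its secret marker are constructed for the demonstration.

```python
import tempfile
from pathlib import Path
from lxml import etree

# Stylesheet that loads whatever URI it is handed and copies the result into
# the output. The URI arrives as a stylesheet parameter, i.e. under caller
# control, which is exactly the situation a web service must defend against.
STYLESHEET = etree.XML(b"""\
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:param name="src"/>
  <xsl:template match="/">
    <out><xsl:copy-of select="document($src)"/></out>
  </xsl:template>
</xsl:stylesheet>""")

INPUT_DOC = etree.XML(b"<root/>")
SECRET = "CONSTRUCTED-SECRET-1234"  # constructed marker, not real data


def make_sample_file() -> str:
    """Constructed stand-in for a file the server can read but the client
    should not; returns its file:// URI."""
    path = Path(tempfile.mkdtemp()) / "config.xml"
    path.write_text(f"<config><secret>{SECRET}</secret></config>")
    return path.as_uri()


def transform(uri: str, access_control=None):
    """Run the stylesheet with $src = uri. Returns (blocked, output): blocked
    is True when libxslt refused the access and aborted the transform."""
    xslt = etree.XSLT(STYLESHEET, access_control=access_control)
    try:
        result = xslt(INPUT_DOC, src=etree.XSLT.strparam(uri))
    except etree.XSLTError:
        return True, ""
    return False, str(result)


# Hardened configuration: DENY_ALL refuses file reads, network reads and all
# writes, so a caller-controlled URI can neither read a local file nor make
# the server send a request to an internal host.
HARDENED = etree.XSLTAccessControl.DENY_ALL


def run_demo() -> dict:
    uri = make_sample_file()
    return {"unrestricted": transform(uri),          # processor defaults
            "hardened": transform(uri, HARDENED)}    # access control on


if __name__ == "__main__":
    for name, (blocked, output) in run_demo().items():
        print(f"{name}: blocked={blocked} output={output!r}")
```

Other processors expose the same switch under different names (for example the secure-processing feature and external-access properties of a JAXP `TransformerFactory`); the point is that the default configuration is the permissive one.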