File:OWASP Switzerland Meeting 2015-06-17 XSLT SSRF ENG.pdf
An XSLT processor is a piece of software for manipulating XML files or transforming them into other file formats. XSLT processors are very feature-rich, which makes them interesting in the context of information security. For example, it is possible to include other files or even run commands. These processors also enable so-called Server-Side Request Forgery (SSRF). SSRF is a technique that triggers a request on the vulnerable host, so an attacker can reach remote machines that are not directly accessible to the attacker. In a student project at the Hochschule für Technik Rapperswil (HSR), we tested XSLT processors for vulnerabilities and for the ability to use them for SSRF. In our talk we will present the test results and show a live demonstration. You will see which processor is vulnerable to which vulnerabilities and what a developer can do to use them safely.
File history
Version | Date/Time | Size | User |
---|---|---|---|
current | 19:57, 1 July 2015 | 1.52 MB | Schattenbaum |