CGI Generic XML Injection

medium Nessus Plugin ID 46196

Synopsis

A CGI application hosted on the remote web server is potentially prone to an XML injection attack.

Description

By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access a SOAP back-end.

An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.

Exploitation of XML injections is usually far from trivial.

Note that this script is experimental and may be prone to false positives especially, if a PHP application uses 'strip_tags()' to sanitize user input.

Solution

Modify the affected CGI scripts so that they properly escape arguments, especially XML tags and special characters (angle brackets and slashes).

See Also

http://www.nessus.org/u?5691cc8c

Plugin Details

Severity: Medium

ID: 46196

File Name: torture_cgi_xml_injection.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 4/30/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 713, 722, 727, 810, 91, 928, 929

OWASP: OWASP-DV-008