Penetration Testing mailing list archives
XML Port Scanning
From: "Colin Wong" <colin.wong () sift com au>
Date: Wed, 27 Sep 2006 15:42:39 +1000
SIFT has released a new Intelligence Report that provides a discussion on a new network reconnaissance technique, using XML for completing remote port scans that effectively bypass a perimeter firewall. The technique utilises properties of XML parsers to perform the scanning of systems, and while the technique relies on some reasonably specific implementation details in order to be exploitable remotely, it is potentially applicable to any application that accepts XML document inputs. Several workarounds exist and have been detailed in this paper and the technique does not offer the ability to perform advanced fingerprinting or analysis of the underlying operating system of hosts. However, this technique demonstrates the danger that inadequately configured XML parsers can pose to an organisation and highlights the inability of traditional network security devices to handle application-level threats. The report is available for download from the SIFT website: http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perime ter-firewalls.htm Regards, Colin Wong www.sift.com.au ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- XML Port Scanning Colin Wong (Sep 27)