Thread: XML Port Scanning




XML Port Scanning
user name
2006-09-27 04:18:40
SIFT has released a new Intelligence Report that provides a discussion on a new network reconnaissance technique, using XML for completing remote port scans that effectively bypass a perimeter firewall. The technique utilises properties of XML parsers to perform the scanning of systems, and while the technique relies on some reasonably specific implementation details in order to be exploitable remotely, it is potentially applicable to any application that accepts XML document inputs.

Several workarounds exist and have been detailed in this paper and the technique does not offer the ability to perform advanced fingerprinting or analysis of the underlying operating system of hosts. However, this technique demonstrates the danger that inadequately configured XML parsers can pose to an organisation and highlights the inability of traditional network security devices to handle application-level threats.

The report is available for download from the SIFT website:
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewalls.htm


Regards,
Paul Theriault
www.sift.com.au
