Defusedxml – defusing XML bombs and other exploits


Contribute to tiran/defusedxml development by creating an account on GitHub.

An attacker can abuse a vulnerable XML library and application to rebound and forward network requests with the IP address of the server. Because all the requests are made from an internal and trustworthy IP address, not from the outside, the attacker can circumvent firewalls and gain access to restricted resources.

(thanks to Florian Apolloner) Add demo exploit for external entity attack on Python's SAX parser, XML-RPC and WebDAV.
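To audit whether a SAX parser configuration would make the server-side requests described above, the following added example (not code from defusedxml or from this page) records which external entity URLs the standard-library parser asks to load, without fetching anything. The helper names, the sample document and the `intranet.example` URL are constructed for illustration.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges
from xml.sax.xmlreader import InputSource

# Constructed sample: a document whose DTD declares an external entity.
# The URL is a placeholder for a host reachable only from the server side.
SAMPLE = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE r [<!ENTITY ext SYSTEM "http://intranet.example/status">]>\n'
    b"<r>&ext;</r>"
)


class RecordingResolver(EntityResolver):
    """Records every URL the parser asks for and serves empty content,
    so nothing is ever fetched over the network."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        stub = InputSource(systemId)
        stub.setByteStream(io.BytesIO(b""))  # empty stand-in for the resource
        return stub


def urls_parser_would_fetch(document, external_ges):
    """Return the external entity URLs a SAX parser would try to load."""
    resolver = RecordingResolver()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, external_ges)
    parser.setEntityResolver(resolver)
    parser.setContentHandler(ContentHandler())
    parser.parse(io.BytesIO(document))
    return resolver.requested


if __name__ == "__main__":
    # Weak setting: the parser resolves the URL named in the document.
    print(urls_parser_would_fetch(SAMPLE, external_ges=True))
    # Hardened setting (stdlib default since Python 3.7.1): nothing is resolved.
    print(urls_parser_would_fetch(SAMPLE, external_ges=False))
```

Any non-empty result for untrusted input means the parser would issue requests from the server's own address; the fix is to leave external general entities disabled or to parse through defusedxml.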
