What is an XML round trip vulnerability?

  • I keep hearing about the XML round trip vulnerability in version 3.2.4 of the Ruby package REXML. I looked into it myself, of course, and it seems to have something to do with parsing an XML document, then putting it back into XML again, and it coming out incorrect or just different than the original.

    Presumably, it can be different in dangerous ways.

    Is that correct? Can someone link me to resources that explicate this kind of vulnerability, or perhaps help me (and anyone else in the future) understand exactly how this works?

    Thanks!

  • Sigh. I figured it out by reading the HackerOne post that was right there in the Ruby link in my original post.

    It's exactly what I thought - you can cleverly form XML that will be parsed and come out differently than expected, sometimes in dangerous ways.

    I highly recommend reading the HackerOne post for a very clear explanation, but anyone else who cares to simplify feel welcome to post an additional answer here and I'll accept it.
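A defender-side check in Ruby, added here as an example and not code from the question, the HackerOne report, or the REXML project: parse a document with REXML, serialize it back to text, parse that text again, and compare the two element trees. If the re-parsed tree differs from the original (the symptom the question describes), the document is rejected before anything downstream acts on it. The sample document and all helper names (`tree_shape`, `round_trip_consistent?`, `safe_parse`) are assumptions introduced for this example.

```ruby
require 'rexml/document'

# Constructed sample input (not from the original page). Contains escaped
# characters in both attribute and text content so the comparison exercises
# unescaping on the way in and escaping on the way out.
SAMPLE_XML = <<~XML
  <order id="42">
    <item sku="A&amp;B">Widget &lt;large&gt;</item>
  </order>
XML

# Reduce a parsed REXML tree to plain Ruby data (element name, sorted
# attributes, meaningful children) so two parses can be compared with ==.
# Whitespace-only text, comments and processing instructions are ignored so
# that harmless formatting differences do not trigger false alarms.
def tree_shape(node)
  case node
  when REXML::Document          # must precede Element: Document < Element
    tree_shape(node.root)
  when REXML::Element
    attrs = []
    node.attributes.each_attribute { |a| attrs << [a.expanded_name, a.value] }
    {
      name: node.expanded_name,
      attrs: attrs.sort,
      children: node.children.map { |c| tree_shape(c) }.compact
    }
  when REXML::Text
    text = node.value.strip   # #value gives the unescaped text
    text.empty? ? nil : { text: text }
  else
    nil
  end
end

# True when parse -> serialize -> parse yields the same logical tree.
def round_trip_consistent?(xml)
  doc      = REXML::Document.new(xml)
  reparsed = REXML::Document.new(doc.to_s)
  tree_shape(doc) == tree_shape(reparsed)
end

# Parse untrusted XML, refusing any document whose structure changes across a
# round trip. Returns the REXML::Document on success.
def safe_parse(xml)
  unless round_trip_consistent?(xml)
    raise ArgumentError, 'XML does not survive a parse/serialize round trip; rejecting'
  end
  REXML::Document.new(xml)
end

if __FILE__ == $PROGRAM_NAME
  doc = safe_parse(SAMPLE_XML)
  puts "root element: #{doc.root.name}"
  puts "consistent:   #{round_trip_consistent?(SAMPLE_XML)}"
end
```

The comparison deliberately works on the parsed structure rather than on the raw strings: REXML may legitimately re-indent or re-quote output, so a byte-for-byte diff would reject good documents, while a structural diff flags exactly the case the question is about, a document that means one thing to the first parser and another after it has been serialized. Running the same check with a second, independent XML parser in place of the re-parse is a stronger variant of the same idea.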
