From: Colin Wong (colin.wong@sift.com.au)
Date: Wed Sep 27 2006 - 01:42:39 EDT
SIFT has released a new Intelligence Report that provides a discussion on a
new network reconnaissance technique, using XML for completing remote port
scans that effectively bypass a perimeter firewall. The technique utilises
properties of XML parsers to perform the scanning of systems, and while the
technique relies on some reasonably specific implementation details in order
to be exploitable remotely, it is potentially applicable to any application
that accepts XML document inputs.
Several workarounds exist and have been detailed in this paper and the
technique does not offer the ability to perform advanced fingerprinting or
analysis of the underlying operating system of hosts. However, this
technique demonstrates the danger that inadequately configured XML parsers
can pose to an organisation and highlights the inability of traditional
network security devices to handle application-level threats.
The report is available for download from the SIFT website:
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perime
ter-firewalls.htm
Regards,
Colin Wong
www.sift.com.au
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:01 EDT