-
Notifications
You must be signed in to change notification settings - Fork 103
Test 13) Weak XML Schema: Unbounded Occurrences
Yalçın YOLALAN edited this page Mar 28, 2018
·
2 revisions
Vulnerability Type Static
Test Web Service URI http://[yourhostName]/WeakXMLTest.asmx?WSDL
Vulnerable Code Block The following lines set maxOccurs attribute value to unbounded. This can lead to resource exhaustion and ultimately a denial of service.
<s:element minOccurs="0" maxOccurs="unbounded" name="CompType" nillable="true" type="tns:CompType" xmlns:s="http://www.w3.org/2001/XMLSchema" />
<s:element minOccurs="0" maxOccurs="unbounded" name="int" type="s:int" xmlns:s="http://www.w3.org/2001/XMLSchema" />
<s:element minOccurs="0" maxOccurs="unbounded" name="string" nillable="true" type="s:string" xmlns:s="http://www.w3.org/2001/XMLSchema" />
<s:element minOccurs="0" maxOccurs="unbounded" name="Book" xmlns:s="http://www.w3.org/2001/XMLSchema">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="Title" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="Author" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="PublishDate" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
Indications of Vulnerability
Static analysis reveals that the wsdl file contains maxOccurs=”unbounded” elements.
- Home
- Installation
- Usage
- Default Parameter Values
- Scope
- Donation
-
Testing Activities
- XML Bombs
- External Entity Attacks
- Insecure Communication
- Insufficient Authentication Test
- Cross Site Scripting
- SQL Injection
- XPATH Injection
- Verbose SOAP Fault Message
- Weak WS-SecurityPolicy: Insecure Transport
- Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
- Weak WS-SecurityPolicy: Tokens Not Protected
- Weak XML Schema: Undefined Namespace
- Weak XML Schema: Unbounded Occurrences