1
Bananadude
Feed Injection in Web 2.0

One new feature of "Web 2.0", the movement to build a more responsive Web, is the utilization of XML content feeds which use the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without needing to visit the site in question, basically providing users with a summary of that site's content. Unfortunately, many of the applications that receive this data do not consider the security implications of using content from third parties and unknowingly make themselves and their attached systems susceptible to various forms of attack.

This white paper discusses various forms of attacks based on Web feeds that follow the RSS, Atom and XML standards. This paper does not extensively cover each XML element and its usage within Web-based feeds, nor does it address other vulnerability scenarios such as buffer overflows and other XML-specific risks. The goal of this paper is to outline the risks of lesser-known threats which are currently emerging on the Web utilizing Cross-Site Scripting.

Read it at
http://www.spidynamics.com/assets/documents/HackingFeeds.pdf
--- censored by Bananadude ---
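The failure mode the abstract describes (a feed consumer treating third-party item text as safe markup) and the fix, as an added example that is not from the paper or from any XOOPS module. The feed is a constructed sample, not a real one; `parse_items`, `render_unsafe`, `render_safe` and `safe_link` are illustrative names chosen here.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not taken from the paper): one benign item and one
# item whose title, link and description carry script, as an untrusted or
# compromised feed source could supply. The XML entities decode to raw HTML
# once parsed, which is exactly what a naive reader then emits into its page.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example feed</title>
    <item>
      <title>Benign headline</title>
      <link>http://example.com/post/1</link>
      <description>Plain text summary.</description>
    </item>
    <item>
      <title>Injected &lt;img src=x onerror=alert(1)&gt;</title>
      <link>javascript:alert(document.cookie)</link>
      <description>&lt;script&gt;alert(1)&lt;/script&gt;Read more</description>
    </item>
  </channel>
</rss>
"""


def parse_items(rss_text):
    """Return the title, link and description of every <item> in an RSS 2.0 feed."""
    root = ET.fromstring(rss_text)
    items = []
    for item in root.iter("item"):
        items.append({
            "title": item.findtext("title", default=""),
            "link": item.findtext("link", default=""),
            "description": item.findtext("description", default=""),
        })
    return items


def render_unsafe(item):
    # Vulnerable pattern: feed text is trusted and concatenated straight into
    # the page markup, so <script> in the description and the javascript: link
    # both reach the reader's browser intact.
    return '<li><a href="%s">%s</a><p>%s</p></li>' % (
        item["link"], item["title"], item["description"])


SAFE_SCHEMES = {"http", "https"}


def safe_link(url):
    # Only http(s) links are allowed through; javascript:, data:, vbscript:
    # and anything else collapse to an inert anchor.
    if urlparse(url).scheme.lower() in SAFE_SCHEMES:
        return html.escape(url, quote=True)
    return "#"


def render_safe(item):
    # Hardened form: every feed-supplied string is HTML-escaped at the point
    # it enters the page, and the link scheme is checked against an allowlist.
    return '<li><a href="%s">%s</a><p>%s</p></li>' % (
        safe_link(item["link"]),
        html.escape(item["title"]),
        html.escape(item["description"]),
    )


if __name__ == "__main__":
    for entry in parse_items(SAMPLE_RSS):
        print("UNSAFE:", render_unsafe(entry))
        print("SAFE:  ", render_safe(entry))
```

Escaping the whole description is the conservative choice; it also strips the formatting that many feeds legitimately carry in that element. A reader that wants to keep bold text or links has to pass the description through an allowlist HTML sanitizer instead of escaping it, and the link-scheme check above still applies to every `href` the sanitizer lets through.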

2
phppp
Re: Feed Injection in Web 2.0
  • 2006/8/4 8:58
  • phppp
  • XOOPS Contributor
  • Posts: 2857
  • Since: 2004/1/25


Checked the article briefly, one question:
Most applications accept feeds from trusted sources only (assuming they are really trustable). In this case, the feed is not vulnerable, right?
