ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filippo Capocasale <keroua...@gsmbox.it>
Subject Re: It's too easy to hack an XMLRPC WebServer!
Date Thu, 15 Apr 2004 15:32:18 GMT
Of course I generate that "tricky" string with the "\b" character just ad-hoc. It's of no use
in my real client.
The point, as you said, is that everybody can crash the server whenever he wants...
The problem, in my opinion, is not that the parser generate an exception (which is right!),
but in the fact that the WebServer does not handle properly this exception.

The error I get on the client with the "tricky" string is:
Sync HttpSendRequest failed (-504)

The error I get on the "good" client after the server has been "hacked" is:
"Unexpected end of file from server"

   Best regards,
     Filippo

 

Scrive John Wilson <tug@wilson.co.uk>:

> 
> On 15 Apr 2004, at 14:48, Filippo Capocasale wrote:
> 
> > I've tried with xerces...
> >
> > XmlRpc.setDriver("org.apache.xerces.parsers.SAXParser");
> >
> > ... but it's the same.
> >    Thankyou very much,
> >        Filippo
> >
> 
> Ok,
> 
> 	what seems to be happening is that you are sending "prova\b"
> as the 
> String value. The BEL character 0X07 is not allowed in an XML
> document 
> (not even if it's replaced by a numeric character entity). The
> parser 
> will then throw a SAXException as the XML is not well formed.
> 
> The client should really refuse to send this message. However
> that 
> doesn't stop bad people generating this sort of message by
> hand.
> 
> Do you get a response from the server for each call? If so
> what is it?
> 
> John Wilson
> The Wilson Partnership
> http://www.wilson.co.uk
> 
> 


-----------------------------------------------------------------
Questo messaggio  stato inviato utilizzando http://it.my.gsmbox.com 

Mime
View raw message