XSLT Injection is a security vulnerability that occurs when an application uses untrusted user input to construct an XSLT (Extensible Stylesheet
Language Transformations) stylesheet. XSLT engines are powerful templating tools designed to transform XML documents
What is the potential impact?
An attacker can provide malicious XSLT code that the application’s XML processor will then execute, such as references to other files, embedded
scripts, or special objects.
Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
Reading Sensitive Files
The most common impact of XSLT Injection is the ability to read files from the server’s file system. XSLT has built-in functions that can access
local or remote XML files. An attacker can use these functions to read sensitive information.
Attacking Other Systems
Attackers can use XSLT Injection to force the server to make network requests to other systems on the internal network that are not accessible from
the internet.
This could allow an attacker to:
* Scan the internal network for open ports and active services.
* Access internal, unprotected administrative panels.
* Interact with cloud provider metadata services to steal access credentials.
Denial of Service
A malicious stylesheet can also be designed to consume a large amount of server resources, such as memory or CPU time. This can cause the
application to slow down or crash, making it unavailable for legitimate users.
An attacker could create a recursive stylesheet that never
finishes, causing the processor to enter an infinite loop and exhaust all available CPU resources.
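The root cause described above, as an added example that is not part of the original rule text: the first function splices user input into the stylesheet, so the input is interpreted as XSLT/XPath code; the second keeps the stylesheet fixed, passes the user value as a string parameter, and denies file and network access to the processor. It assumes Python with the lxml library; the order document and the `wanted` parameter name are constructed for the illustration.

```python
from lxml import etree

# Constructed sample input document used by both transformations.
XML_DOC = b"<orders><order id='1'>widget</order><order id='2'>gadget</order></orders>"


def vulnerable_transform(user_expr: str) -> str:
    """Untrusted input is concatenated into the stylesheet, so whatever the
    caller sends is evaluated by the XSLT engine as code, not as data."""
    stylesheet = f"""<xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <xsl:output method="text"/>
      <xsl:template match="/">
        <xsl:value-of select="{user_expr}"/>
      </xsl:template>
    </xsl:stylesheet>"""
    transform = etree.XSLT(etree.XML(stylesheet.encode()))
    return str(transform(etree.XML(XML_DOC)))


# Fixed, trusted stylesheet: the user-controlled value only ever arrives
# through the declared parameter, never as part of the stylesheet text.
SAFE_STYLESHEET = etree.XML(b"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:param name="wanted"/>
  <xsl:template match="/">
    <xsl:value-of select="/orders/order[@id=$wanted]"/>
  </xsl:template>
</xsl:stylesheet>""")


def safe_transform(user_value: str) -> str:
    """Parameterised transformation with document()/file/network access denied,
    so even a compromised stylesheet could not read files or reach other hosts."""
    transform = etree.XSLT(
        SAFE_STYLESHEET,
        access_control=etree.XSLTAccessControl.DENY_ALL,
    )
    # strparam() quotes the value as an XPath string literal: it is matched
    # against @id as data and is never evaluated as an expression.
    result = transform(etree.XML(XML_DOC), wanted=etree.XSLT.strparam(user_value))
    return str(result)


if __name__ == "__main__":
    print(vulnerable_transform("count(//order)"))  # input executed as XPath
    print(safe_transform("2"))                      # looked up as data
    print(safe_transform("count(//order)"))         # no such id: empty output
```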