ZAP – XSLT Injection

Details
Alert ID	90017
Alert Type	Active
Status	release
Risk	Medium
CWE	91
WASC	23
Technologies Targeted	All
Tags	CWE-91 HIPAA OWASP_2017_A01 OWASP_2021_A03 PCI_DSS POLICY_API POLICY_DEV_CICD POLICY_DEV_FULL POLICY_DEV_STD POLICY_PENTEST POLICY_QA_CICD POLICY_QA_FULL POLICY_QA_STD POLICY_SEQUENCE
More Info	Scan Rule Help

Summary

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.

Solution

Sanitize and analyze every user input coming from any client-side.

Other Info

The response to sending an XSLT token included error messages that may indicate a vulnerability to XSLT injections.

References

https://book.hacktricks.wiki/en/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.html

Code

org/zaproxy/zap/extension/ascanrules/XsltInjectionScanRule.java