XML INJECTION
-
Code: 31
-
Brief Description: XML Injection
-
Sample log message:
-
CEF format
Aug 5 19:07:57 10.15.3.46 CEF: 1|Virsec Security Platform|Virsec|1.3.6|31|XML Injection|10|EventId=VS-XML-080520-A00023|Application_Name=Ubuntu14_NGWAF_job1 1 Server_Name=ubuntu-162 Incident_Level=ATTACK Incident_Category=WEB_ATTACK Incident_Type=XML Injection Incident_Timestamp=05 Aug 2020 11:07:22 PM UTC Threat Description=XML eXternal Entity: LFI/RFI using wrapper Matched Data=Matched Data: ?xml version=\x221.0\x22?><!DOCTYPE lolz [<!ENTITY lol \x22lol\x22><!ENTITY lol2 \x22&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\x22><!ENTITY lol3 \x22&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\x22><!ENTITY lol4 \x22&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\x22><!ENTITY lol5 \x22&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\x22><!ENTITY lol6 \x22&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\x22><!ENTITY lol7 \x22&lol6... HTTP Request=/xxe.php Unique Transaction ID=Xys72X8AAAEAAAFF7qoAAAAC Action=detected Tags=application-multi,platform-multi,attack-xxe,OWASP_CRS/WEB_ATTACK/XXE,WASCTC/WASC-43,OWASP_TOP_10/A4,paranoia-level/1 Severity=CRITICAL Attacker=10.15.3.7:56820 Rule Id=945100 Matched Rule File=/var/virsec/vsp_waf/vsp_waf_crc/rules/REQUEST-945-APPLICATION-ATTACK-XML.conf Primary Incident=true pid=325 description=XML Injection category=Web Attack eventTime=2020-08-05 16:13:06.297741 tid=NA
-
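Added example, not part of the original page and not Virsec's own code: a Python parser for the CEF sample above, whose extension keys contain spaces ("Threat Description", "Rule Id") and so break CEF parsers that split on whitespace. The key list is taken from the sample message; the function name, the header field names and the `repeated_keys` field are assumptions of this example.

```python
import re

# Extension keys as they appear in the sample message on this page. Several
# contain spaces, so a whitespace-splitting CEF parser would cut them apart.
KEYS = ["EventId", "Application_Name", "Server_Name", "Incident_Level",
        "Incident_Category", "Incident_Type", "Incident_Timestamp",
        "Threat Description", "Matched Data", "HTTP Request",
        "Unique Transaction ID", "Action", "Tags", "Severity", "Attacker",
        "Rule Id", "Matched Rule File", "Primary Incident", "pid",
        "description", "category", "eventTime", "tid"]
# Standard CEF header positions (field names chosen for this example).
HEADER = ["version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]
# A key is recognised only at the start of the extension or after a space/pipe.
KEY_RE = re.compile(r"(?:^|(?<=[\s|]))(" + "|".join(map(re.escape, KEYS)) + r")=")

def parse_vsp_cef(line):
    """Return the header and extension fields of one syslog line as a dict."""
    _, sep, body = line.partition("CEF:")
    if not sep:
        raise ValueError("not a CEF message")
    parts = body.strip().split("|", len(HEADER))
    if len(parts) <= len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, parts))
    ext = parts[len(HEADER)]
    marks = list(KEY_RE.finditer(ext))
    repeated = []
    for cur, nxt in zip(marks, marks[1:] + [None]):
        value = ext[cur.end():nxt.start() if nxt else len(ext)].strip(" |")
        if cur.group(1) in event:
            # "Matched Data" and "HTTP Request" echo request content, so a
            # repeated key is recorded for review instead of overwriting.
            repeated.append(cur.group(1))
        else:
            event[cur.group(1)] = value
    event["repeated_keys"] = repeated
    return event

# Constructed sample: the page's message with fields dropped and Matched Data cut short.
SAMPLE = (r"Aug 5 19:07:57 10.15.3.46 CEF: 1|Virsec Security Platform|Virsec|1.3.6"
          r"|31|XML Injection|10|EventId=VS-XML-080520-A00023"
          r"|Application_Name=Ubuntu14_NGWAF_job1 1 Server_Name=ubuntu-162 "
          r"Incident_Level=ATTACK Incident_Type=XML Injection "
          r"Threat Description=XML eXternal Entity: LFI/RFI using wrapper "
          r"Matched Data=Matched Data: ?xml version=\x221.0\x22?><!DOCTYPE lolz [... "
          r"HTTP Request=/xxe.php Action=detected Severity=CRITICAL "
          r"Attacker=10.15.3.7:56820 Rule Id=945100 Primary Incident=true pid=325 tid=NA")
```

A non-empty `repeated_keys` list means a known key name appeared more than once in the message, which is worth flagging before the event is trusted downstream.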