
ViniJR Blog (resolution)

Open RayTdC opened this issue 1 year ago • 0 comments

This solution refers to which of the apps?

A5 - ViniJR Blog

What did you do to mitigate the vulnerability?

The app had a problem processing incoming XML in its "contact.php" code structure, which could load and process external entities, allowing the attacker to extract data from the server. To mitigate this vulnerability, an adaptation was made to the code to check whether the XML document is valid before proceeding with processing. If the XML is considered valid after these checks, the code continues processing it normally. Otherwise, it displays a message indicating that the XML input is invalid.

In the image below, you can see that after the changes, it is no longer possible to extract data from the server.

Screenshot 2024-04-17 at 16 01 46

RayTdC avatar Apr 17 '24 19:04 RayTdC
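One way to implement the validation described in this resolution for a PHP contact handler, as an added example that is not the secDevLabs project's own contact.php; the function name, the sample inputs and the placeholder file path are assumptions:

```php
<?php
// Added example (not secDevLabs code): reject XML that carries a DTD before
// parsing it, and parse with external entity loading and substitution off.
// Returns the parsed document, or null when the input is considered invalid.
function parse_contact_xml(string $rawXml): ?DOMDocument
{
    // External entities and entity expansion both require a <!DOCTYPE ...>
    // declaration, so a contact message that carries one is rejected outright.
    if (preg_match('/<!DOCTYPE/i', $rawXml)) {
        return null;
    }

    // On PHP < 8.0 the entity loader is on by default; turn it off for this
    // parse. On PHP >= 8.0 it is already off and the function is deprecated.
    $previousLoader = null;
    if (PHP_VERSION_ID < 80000) {
        $previousLoader = libxml_disable_entity_loader(true);
    }
    $previousErrors = libxml_use_internal_errors(true);

    $doc = new DOMDocument();
    // LIBXML_NONET blocks network access during parsing. LIBXML_NOENT is
    // deliberately not set, so entity references are never substituted.
    $ok = $doc->loadXML($rawXml, LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($previousErrors);
    if ($previousLoader !== null) {
        libxml_disable_entity_loader($previousLoader);
    }

    // Parse failure, or a DTD that survived the text check, means invalid input.
    if (!$ok || $doc->doctype !== null) {
        return null;
    }
    return $doc;
}

// Constructed sample inputs: a legitimate contact message and a message that
// declares an external entity pointing at a placeholder file path.
$benign = '<?xml version="1.0"?><contact><name>Alice</name><msg>Hello</msg></contact>';
$withDtd = '<?xml version="1.0"?><!DOCTYPE c [<!ENTITY x SYSTEM "file:///PLACEHOLDER">]>'
         . '<contact><msg>&x;</msg></contact>';

$doc = parse_contact_xml($benign);
echo $doc ? 'OK: ' . $doc->getElementsByTagName('name')->item(0)->textContent : 'Invalid XML input';
echo PHP_EOL;
echo parse_contact_xml($withDtd) ? 'OK' : 'Invalid XML input';
echo PHP_EOL;
```

The benign message parses and prints the name; the message carrying a DTD is rejected with the "Invalid XML input" response, matching the behaviour described above.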