Injecting the script tag into XML

Back to articles

hackvertor

Author:

Gareth Heyes

@hackvertor

Published: Tue, 09 Oct 2007 13:09:54 GMT

Updated: Sat, 22 Mar 2025 15:38:05 GMT

Firefox is now the browser I like hacking, there's just so much stuff it can do. I simply don't have enough time to explore everything, but what I have found was some very interesting XML behavior. I was helping Ronald a while back with a Firefox chrome security flaw and we discussed on slackers that some XML entities in Firefox contain sensitive information which it is possible to read using XHR.

I thought of what other interesting things I could do with XML entities and I found a way of injecting script tags using them. This could have implications if you offer a HTML upload service but you filter out dangerous tags for example. The proof of concept is very basic but displays the method clearly.

XML injection

Back to articles